The hedging problem for insiders is very important in the financial market. The locally risk minimizing hedging was adopted to solve this problem. Since the market was incomplete, the minimal martingale measure was chosen as the equivalent martingale measure. By the F-S decomposition, the expression of the locally risk minimizing strategy was presented. Finally, the local risk minimization was applied to index tracking and its relationship with tracking error variance (TEV)-minimizing strategy was obtained.
From the perspective of the insiders and outsiders, this study explores the influence of differential leadership on employees’ affective commitment and the moderating effect of leader’s self-enhancing humor and individual traditionality. The results show that the differential leadership has a positive impact on the organizational affective commitment of employees, the leader’s self-enhancing humor and the employees’ traditionality play a positive regulatory role respectively. Moreover, compared with the outsiders, the low traditionality has a stronger influence on the relationship between differential leadership and organizational affective commitment of the insiders. This paper enriches the research on the influence of leadership style on employee’s affective commitment, proposes and verifies the moderation of leader’s self-enhancing humor and employee’s traditionality, which complements the boundary conditions for the effectiveness of differential leadership style.
In the tobacco industry, insider employee attack is a thorny problem that is difficult to detect. To solve this issue, this paper proposes an insider threat detection method based on heterogeneous graph embedding. First, the interrelationships between logs are fully considered, and log entries are converted into heterogeneous graphs based on these relationships. Second, the heterogeneous graph embedding is adopted and each log entry is represented as a low-dimensional feature vector. Then, normal logs and malicious logs are classified into different clusters by clustering algorithm to identify malicious logs. Finally, the effectiveness and superiority of the method is verified through experiments on the CERT dataset. The experimental results show that this method has better performance compared to some baseline methods.
Purpose: This study takes advantage of newly released journal metrics to investigate whether local journals with more qualified boards have lower acceptance rates, based on data from 219 Turkish national journals and 2,367 editorial board members. Design/methodology/approach: This study argues that journal editors can signal their scholarly quality by publishing in reputable journals. Conversely, editors publishing inside articles in affiliated national journals would send negative signals. The research predicts that high (low) quality editorial boards will conduct more (less) selective evaluation and their journals will have lower (higher) acceptance rates. Based on the publication strategy of editors, four measures of board quality are defined: Number of board inside publications per editor (INSIDER), number of board Social Sciences Citation Index publications per editor (SSCI), inside-to-SSCI article ratio (ISRA), and board citation per editor (CITATION). Predictions are tested by correlation and regression analysis. Findings: Low-quality board proxies (INSIDER, ISRA) are positively, and high-quality board proxies (SSCI, CITATION) are negatively associated with acceptance rates. Further, we find that receiving a larger number of submissions, greater women representation on boards, and Web of Science and Scopus (WOSS) coverage are associated with lower acceptance rates. Acceptance rates for journals range from 12% to 91%, with an average of 54% and a median of 53%. Law journals have significantly higher average acceptance rate (68%) than other journals, while WOSS journals have the lowest (43%). Findings indicate some of the highest acceptance rates in Social Sciences literature, including competitive Business and Economics journals that traditionally have low acceptance rates. Limitations: Research relies on local context to define publication strategy of editors. Findings may not be generalizable to mainstream journals and core science countries where emphasis on research quality is stronger and editorial selection is based on scientific merit. Practical implications: Results offer useful insights into editorial management of national journals and allow us to make sense of local editorial practices. The importance of scientific merit for selection to national journal editorial boards is particularly highlighted for sound editorial evaluation of submitted manuscripts. Originality/value: This is the first attempt to document a significant relation between acceptance rates and editorial board publication behavior.
Using data from the Bucharest Stock Exchange, we examine the factors influencing the probability of informed trading (PIN) during February–October 2020, a COVID-19 pandemic period. Based on an unconditional quantile regression approach, we show that PIN exhibit asymmetric dependency with liquidity and trading costs. Furthermore, building a customized database that contains all insider transactions on the Bucharest Stock Exchange, we reveal that these types of orders monotonically increase the information asymmetry from the 50th to the 90th quantile throughout the PIN distribution. Finally, we bring strong empirical evidence associating the level of information asymmetry to the level of fake news related to the COVID-19 pandemic. This novel result suggests that during episodes when the level of PIN is medium to high (between 15 and 50%), any COVID-19 related news classified as misinformation released during the lockdown period, is discouraging informed traders to place buy or sell orders conditioned by their private information.
Unlike external attacks, insider threats arise from legitimate users who belong to the organization. These individuals may be a potential threat for hostile behavior depending on their motives. For insider detection, many intrusion detection systems learn and prevent known scenarios, but because malicious behavior has similar patterns to normal behavior, in reality, these systems can be evaded. Furthermore, because insider threats share a feature space similar to normal behavior, identifying them by detecting anomalies has limitations. This study proposes an improved anomaly detection methodology for insider threats that occur in cybersecurity in which a discrete wavelet transformation technique is applied to classify normal vs. malicious users. The discrete wavelet transformation technique easily discovers new patterns or decomposes synthesized data, making it possible to distinguish between shared characteristics. To verify the efficacy of the proposed methodology, experiments were conducted in which normal users and malicious users were classified based on insider threat scenarios provided in Carnegie Mellon University’s Computer Emergency Response Team (CERT) dataset. The experimental results indicate that the proposed methodology with discrete wavelet transformation reduced the false-positive rate by 82% to 98% compared to the case with no wavelet applied. Thus, the proposed methodology has high potential for application to similar feature spaces.
Background: Not long ago, I shared my ideas with the insiders during a brand growth forum. At the time, not surprisingly, I received many questions that were often asked: Without financing nor big money, how can a brand grow rapidly? The repurchase is not bad, but it is not working to attract new customers. Can CRM grow only depending on the regular customer? A lot of brands put in hundreds of thousands of money on beauty influencers on internets every month. Why the conversion rate is so bad? My company's scale is large, basically speaking, but the profit rate is not good. How to improve efficiency? I have no problem with growth, but inventory management is too difficult. It seems to make money. In fact, it is all in stock. How to enhance the uniqueness of my brand? If I'm unique enough, will my brand grow?
Software-Defined Networking (SDN) is an emerging architecture that enables a computer network to be intelligently and centrally controlled via software applications. It can help manage the whole network environment in a consistent and holistic way, without the need of understanding the underlying network structure. At present, SDN may face many challenges like insider attacks, i.e., the centralized control plane would be attacked by malicious underlying devices and switches. To protect the security of SDN, effective detection approaches are indispensable. In the literature, challenge-based collaborative intrusion detection networks (CIDNs) are an effective detection framework in identifying malicious nodes. It calculates the nodes' reputation and detects a malicious node by sending out a special message called a challenge. In this work, we devise a challenge-based CIDN in SDN and measure its performance against malicious internal nodes. Our results demonstrate that such a mechanism can be effective in SDN environments.
The security problems of wireless sensor networks (WSN) have attracted people’s wide attention. In this paper, after we have summarized the existing security problems and solutions in WSN, we find that the insider attack to WSN is hard to solve. Insider attack is different from outsider attack, because it can’t be solved by the traditional encryption and message authentication. Therefore, a reliable secure routing protocol should be proposed in order to defense the insider attack. In this paper, we focus on insider selective forwarding attack. The existing detection mechanisms, such as watchdog, multipath retreat, neighbor-based monitoring and so on, have both advantages and disadvantages. According to their characteristics, we proposed a secure routing protocol based on monitor node and trust mechanism. The reputation value is made up with packet forwarding rate and node’s residual energy. So this detection and routing mechanism is universal because it can take account of both the safety and lifetime of network. Finally, we use OPNET simulation to verify the performance of our algorithm.
In the information era, the core business and confidential information of enterprises/organizations is stored in information systems. However, certain malicious inside network users exist hidden inside the organization; these users intentionally or unintentionally misuse the privileges of the organization to obtain sensitive information from the company. The existing approaches on insider threat detection mostly focus on monitoring, detecting, and preventing any malicious behavior generated by users within an organization’s system while ignoring the imbalanced ground-truth insider threat data impact on security. To this end, to be able to detect insider threats more effectively, a data processing tool was developed to process the detected user activity to generate information-use events, and formulated a Data Adjustment (DA) strategy to adjust the weight of the minority and majority samples. Then, an efficient ensemble strategy was utilized, which applied the extreme gradient boosting (XGBoost) model combined with the DA strategy to detect anomalous behavior. The CERT dataset was used for an insider threat to evaluate our approach, which was a real-world dataset with artificially injected insider threat events. The results demonstrated that the proposed approach can effectively detect insider threats, with an accuracy rate of 99.51% and an average recall rate of 98.16%. Compared with other classifiers, the detection performance is improved by 8.76%.
As nearly half of the incidents in enterprise security have been triggered by insiders, it is important to deploy a more intelligent defense system to assist enterprises in pinpointing and resolving the incidents caused by insiders or malicious software (malware) in real-time. Failing to do so may cause a serious loss of reputation as well as business. At the same time, modern network traffic has dynamic patterns, high complexity, and large volumes that make it more difficult to detect malware early. The ability to learn tasks sequentially is crucial to the development of artificial intelligence. Existing neurogenetic computation models with deep-learning techniques are able to detect complex patterns; however, the models have limitations, including catastrophic forgetfulness, and require intensive computational resources. As defense systems using deep-learning models require more time to learn new traffic patterns, they cannot perform fully online (on-the-fly) learning. Hence, an intelligent attack/malware detection system with on-the-fly learning capability is required. For this paper, a memory-prediction framework was adopted, and a simplified single cell assembled sequential hierarchical memory (s.SCASHM) model instead of the hierarchical temporal memory (HTM) model is proposed to speed up learning convergence to achieve on-the-fly learning. The s.SCASHM consists of a Single Neuronal Cell (SNC) model and a simplified Sequential Hierarchical Superset (SHS) platform. The s.SCASHM is implemented as the prediction engine of a user behavior analysis tool to detect insider attacks/anomalies. The experimental results show that the proposed memory model can predict users’ traffic behavior with accuracy level ranging from 72% to 83% while performing on-the-fly learning.
Cloud computing is a high network infrastructure where users, owners, third users, authorized users, and customers can access and store their information quickly. The use of cloud computing has realized the rapid increase of information in every field and the need for a centralized location for processing efficiently. This cloud is nowadays highly affected by internal threats of the user. Sensitive applications such as banking, hospital, and business are more likely affected by real user threats. An intruder is presented as a user and set as a member of the network. After becoming an insider in the network, they will try to attack or steal sensitive data during information sharing or conversation. The major issue in today's technological development is identifying the insider threat in the cloud network. When data are lost, compromising cloud users is difficult. Privacy and security are not ensured, and then, the usage of the cloud is not trusted. Several solutions are available for the external security of the cloud network. However, insider or internal threats need to be addressed. In this research work, we focus on a solution for identifying an insider attack using the artificial intelligence technique. An insider attack is possible by using nodes of weak users’ systems. They will log in using a weak user id, connect to a network, and pretend to be a trusted node. Then, they can easily attack and hack information as an insider, and identifying them is very difficult. These types of attacks need intelligent solutions. A machine learning approach is widely used for security issues. To date, the existing lags can classify the attackers accurately. This information hijacking process is very absurd, which motivates young researchers to provide a solution for internal threats. In our proposed work, we track the attackers using a user interaction behavior pattern and deep learning technique. The usage of mouse movements and clicks and keystrokes of the real user is stored in a database. The deep belief neural network is designed using a restricted Boltzmann machine (RBM) so that the layer of RBM communicates with the previous and subsequent layers. The result is evaluated using a Cooja simulator based on the cloud environment. The accuracy and F-measure are highly improved compared with when using the existing long short-term memory and support vector machine.
Most of the articles about insider trading assume that there is only one risky asset in the market. On the basis of these papers, this thesis is mainly divided into three parts to study the situation of multiple risky assets in the market. In the first part, the situation of multiple risky assets in the market when two transactions are in progress is studied and then, the equilibrium when the market requires the internal traders to disclose the trading volume after each transaction is analyzed. In the second part, the equilibrium of multi-period based on the two phases of transaction is derived. The third part is the summary of the paper.
When considering Intrusion Detection and the Insider Threat, most researchers tend to focus on the network architecture rather than the database which is the primary target of data theft. It is understood that the network level is adequate for many intrusions where entry into the system is being sought however it is grossly inadequate when considering the database and the authorized insider. Recent writings suggest that there have been many attempts to address the insider threat phenomena in regards to database technologies by the utilization of detection methodologies, policy management systems and behavior analysis methods however, there appears to be a lacking in the development of adequate solutions that will achieve the level of detection that is required. While it is true that Authorization is the cornerstone to the security of the database implementation, authorization alone is not enough to prevent the authorized entity from initiating malicious activities in regards to the data stored within the database. Behavior of the authorized entity must also be considered along with current data access control policies. Each of the previously mentioned approaches to intrusion detection at the database level has been considered individually, however, there has been limited research in producing a multileveled approach to achieve a robust solution. The research presented outlines the development of a detection framework by introducing a process that is to be implemented in conjunction with information requests. By utilizing this approach, an effective and robust methodology has been achieved that can be used to determine the probability of an intrusion by the authorized entity, which ultimately address the insider threat phenomena at its most basic level.
This paper advances new directions for cyber security using adversarial learning and conformal prediction in order to enhance network and computing services defenses against adaptive, malicious, persistent, and tactical offensive threats. Conformal prediction is the principled and unified adaptive and learning framework used to design, develop, and deploy a multi-faceted self-managing defensive shield to detect, disrupt, and deny intrusive attacks, hostile and malicious behavior, and subterfuge. Conformal prediction leverages apparent relationships between immunity and intrusion detection using non-conformity measures characteristic of affinity, a typicality, and surprise, to recognize patterns and messages as friend or foe and to respond to them accordingly. The solutions proffered throughout are built around active learning, meta-reasoning, randomness, distributed semantics and stratification, and most important and above all around adaptive Oracles. The motivation for using conformal prediction and its immediate off-spring, those of semi-supervised learning and transduction, comes from them first and foremost supporting discriminative and non-parametric methods characteristic of principled demarcation using cohorts and sensitivity analysis to hedge on the prediction outcomes including negative selection, on one side, and providing credibility and confidence indices that assist meta-reasoning and information fusion.
Virtualization technology plays a key role in cloud computing. Thus, the security issues of virtualization tools (hypervisors, emulators, etc.) should be under precise consideration. However, threats of insider attacks are underestimated. The virtualization tools and hypervisors have been poorly protected from this type of attacks. Furthermore, hypervisor is one of the most critical elements in cloud computing infrastructure. Firstly, hypervisor vulnerabilities analysis is provided. Secondly, a formal model of insider attack on hypervisor is developed. Consequently, on the basis of the formal attack model, we propose a new methodology of hypervisor stability evaluation. In this paper, certain security countermeasures are considered that should be integrated in hypervisor software architecture.
Funding (hedging problem for insiders): National Natural Science Foundations of China (No. 11071076, No. 11126124)
Funding (insider threat detection based on heterogeneous graph embedding): Supported by the National Natural Science Foundation of China (No. 62203390) and the Science and Technology Project of China Tobacco Zhejiang Industrial Co., Ltd (No. ZJZY2022E004).
Funding (probability of informed trading on the Bucharest Stock Exchange): Analiza impactului incertitudinilor actuale asupra mediului economic, ediția 2022, No. 750/19.05.2022 (en: Analysis of the impact of current uncertainties on the economic environment, 2022 edition, No. 750/19.05.2022). Recipient: Cosmin-Octavian CEPOI, PhD.
Funding (insider threat detection with discrete wavelet transformation): This work was supported by the Research Program through the National Research Foundation of Korea, NRF-2022R1F1A1073375.
Abstract: Background: Not long ago, I shared my ideas with the insiders during a brand growth forum. At the time, not surprisingly, I received many questions that were often asked: Without financing or big money, how can a brand grow rapidly? The repurchase is not bad, but it is not working to attract new customers. Can CRM grow only depending on the regular customer? A lot of brands put in hundreds of thousands of money on beauty influencers on the internet every month. Why is the conversion rate so bad? My company's scale is large, basically speaking, but the profit rate is not good. How to improve efficiency? I have no problem with growth, but inventory management is too difficult. It seems to make money. In fact, it is all in stock. How to enhance the uniqueness of my brand? If I'm unique enough, will my brand grow?
Funding: This work was supported by National Natural Science Foundation of China (No. 61802080 and 61802077), Guangdong General Colleges and Universities Research Project (2018GkQNCX105), Zhongshan Public Welfare Science and Technology Research Project (2019B2044). Keping Yu was supported in part by the Japan Society for the Promotion of Science (JSPS) Grants-in-Aid for Scientific Research (KAKENHI) under Grant JP18K18044.
Abstract: Software-Defined Networking (SDN) is an emerging architecture that enables a computer network to be intelligently and centrally controlled via software applications. It can help manage the whole network environment in a consistent and holistic way, without the need of understanding the underlying network structure. At present, SDN may face many challenges like insider attacks, i.e., the centralized control plane would be attacked by malicious underlying devices and switches. To protect the security of SDN, effective detection approaches are indispensable. In the literature, challenge-based collaborative intrusion detection networks (CIDNs) are an effective detection framework in identifying malicious nodes. It calculates the nodes' reputation and detects a malicious node by sending out a special message called a challenge. In this work, we devise a challenge-based CIDN in SDN and measure its performance against malicious internal nodes. Our results demonstrate that such a mechanism can be effective in SDN environments.
Abstract: The security problems of wireless sensor networks (WSN) have attracted people’s wide attention. In this paper, after we have summarized the existing security problems and solutions in WSN, we find that the insider attack on WSN is hard to solve. Insider attack is different from outsider attack, because it can’t be solved by the traditional encryption and message authentication. Therefore, a reliable secure routing protocol should be proposed in order to defend against the insider attack. In this paper, we focus on insider selective forwarding attack. The existing detection mechanisms, such as watchdog, multipath retreat, neighbor-based monitoring and so on, have both advantages and disadvantages. According to their characteristics, we proposed a secure routing protocol based on monitor node and trust mechanism. The reputation value is made up of packet forwarding rate and node’s residual energy. So this detection and routing mechanism is universal because it can take account of both the safety and lifetime of network. Finally, we use OPNET simulation to verify the performance of our algorithm.
Funding: This work was financially supported by “the National Key R&D Program of China” (No. 2018YFB0803602); exploration and practice on the education mode for engineering students based on technology, literature and art interdisciplinary integration with the Internet+ background (No. 022150118004/001).
Abstract: In the information era, the core business and confidential information of enterprises/organizations is stored in information systems. However, certain malicious inside network users exist hidden inside the organization; these users intentionally or unintentionally misuse the privileges of the organization to obtain sensitive information from the company. The existing approaches on insider threat detection mostly focus on monitoring, detecting, and preventing any malicious behavior generated by users within an organization’s system while ignoring the imbalanced ground-truth insider threat data impact on security. To this end, to be able to detect insider threats more effectively, a data processing tool was developed to process the detected user activity to generate information-use events, and a Data Adjustment (DA) strategy was formulated to adjust the weight of the minority and majority samples. Then, an efficient ensemble strategy was utilized, which applied the extreme gradient boosting (XGBoost) model combined with the DA strategy to detect anomalous behavior. The CERT dataset was used for an insider threat to evaluate our approach, which was a real-world dataset with artificially injected insider threat events. The results demonstrated that the proposed approach can effectively detect insider threats, with an accuracy rate of 99.51% and an average recall rate of 98.16%. Compared with other classifiers, the detection performance is improved by 8.76%.
Funding: This research was funded by Scientific Research Deanship, Albaha University, under the Grant Number: [24/1440].
Abstract: As nearly half of the incidents in enterprise security have been triggered by insiders, it is important to deploy a more intelligent defense system to assist enterprises in pinpointing and resolving the incidents caused by insiders or malicious software (malware) in real-time. Failing to do so may cause a serious loss of reputation as well as business. At the same time, modern network traffic has dynamic patterns, high complexity, and large volumes that make it more difficult to detect malware early. The ability to learn tasks sequentially is crucial to the development of artificial intelligence. Existing neurogenetic computation models with deep-learning techniques are able to detect complex patterns; however, the models have limitations, including catastrophic forgetfulness, and require intensive computational resources. As defense systems using deep-learning models require more time to learn new traffic patterns, they cannot perform fully online (on-the-fly) learning. Hence, an intelligent attack/malware detection system with on-the-fly learning capability is required. For this paper, a memory-prediction framework was adopted, and a simplified single cell assembled sequential hierarchical memory (s.SCASHM) model instead of the hierarchical temporal memory (HTM) model is proposed to speed up learning convergence to achieve on-the-fly learning. The s.SCASHM consists of a Single Neuronal Cell (SNC) model and a simplified Sequential Hierarchical Superset (SHS) platform. The s.SCASHM is implemented as the prediction engine of a user behavior analysis tool to detect insider attacks/anomalies. The experimental results show that the proposed memory model can predict users’ traffic behavior with accuracy level ranging from 72% to 83% while performing on-the-fly learning.
Abstract: Cloud computing is a high network infrastructure where users, owners, third users, authorized users, and customers can access and store their information quickly. The use of cloud computing has realized the rapid increase of information in every field and the need for a centralized location for processing efficiently. This cloud is nowadays highly affected by internal threats of the user. Sensitive applications such as banking, hospital, and business are more likely affected by real user threats. An intruder is presented as a user and set as a member of the network. After becoming an insider in the network, they will try to attack or steal sensitive data during information sharing or conversation. The major issue in today's technological development is identifying the insider threat in the cloud network. When data are lost, compromising cloud users is difficult. Privacy and security are not ensured, and then, the usage of the cloud is not trusted. Several solutions are available for the external security of the cloud network. However, insider or internal threats need to be addressed. In this research work, we focus on a solution for identifying an insider attack using the artificial intelligence technique. An insider attack is possible by using nodes of weak users’ systems. They will log in using a weak user id, connect to a network, and pretend to be a trusted node. Then, they can easily attack and hack information as an insider, and identifying them is very difficult. These types of attacks need intelligent solutions. A machine learning approach is widely used for security issues. To date, the existing lags can classify the attackers accurately. This information hijacking process is very absurd, which motivates young researchers to provide a solution for internal threats. In our proposed work, we track the attackers using a user interaction behavior pattern and deep learning technique. The usage of mouse movements and clicks and keystrokes of the real user is stored in a database. The deep belief neural network is designed using a restricted Boltzmann machine (RBM) so that the layer of RBM communicates with the previous and subsequent layers. The result is evaluated using a Cooja simulator based on the cloud environment. The accuracy and F-measure are highly improved compared with when using the existing long short-term memory and support vector machine.
Abstract: Most of the articles about insider trading assume that there is only one risky asset in the market. On the basis of these papers, this thesis is mainly divided into three parts to study the situation of multiple risky assets in the market. In the first part, the situation of multiple risky assets in the market when two transactions are in progress is studied and then, the equilibrium when the market requires the internal traders to disclose the trading volume after each transaction is analyzed. In the second part, the equilibrium of multi-period based on the two phases of transaction is derived. The third part is the summary of the paper.
Abstract: When considering Intrusion Detection and the Insider Threat, most researchers tend to focus on the network architecture rather than the database which is the primary target of data theft. It is understood that the network level is adequate for many intrusions where entry into the system is being sought; however, it is grossly inadequate when considering the database and the authorized insider. Recent writings suggest that there have been many attempts to address the insider threat phenomena in regards to database technologies by the utilization of detection methodologies, policy management systems and behavior analysis methods; however, there appears to be a lacking in the development of adequate solutions that will achieve the level of detection that is required. While it is true that Authorization is the cornerstone to the security of the database implementation, authorization alone is not enough to prevent the authorized entity from initiating malicious activities in regards to the data stored within the database. Behavior of the authorized entity must also be considered along with current data access control policies. Each of the previously mentioned approaches to intrusion detection at the database level has been considered individually; however, there has been limited research in producing a multileveled approach to achieve a robust solution. The research presented outlines the development of a detection framework by introducing a process that is to be implemented in conjunction with information requests. By utilizing this approach, an effective and robust methodology has been achieved that can be used to determine the probability of an intrusion by the authorized entity, which ultimately addresses the insider threat phenomena at its most basic level.
Abstract: This paper advances new directions for cyber security using adversarial learning and conformal prediction in order to enhance network and computing services defenses against adaptive, malicious, persistent, and tactical offensive threats. Conformal prediction is the principled and unified adaptive and learning framework used to design, develop, and deploy a multi-faceted self-managing defensive shield to detect, disrupt, and deny intrusive attacks, hostile and malicious behavior, and subterfuge. Conformal prediction leverages apparent relationships between immunity and intrusion detection using non-conformity measures characteristic of affinity, a typicality, and surprise, to recognize patterns and messages as friend or foe and to respond to them accordingly. The solutions proffered throughout are built around active learning, meta-reasoning, randomness, distributed semantics and stratification, and most important and above all around adaptive Oracles. The motivation for using conformal prediction and its immediate off-spring, those of semi-supervised learning and transduction, comes from them first and foremost supporting discriminative and non-parametric methods characteristic of principled demarcation using cohorts and sensitivity analysis to hedge on the prediction outcomes including negative selection, on one side, and providing credibility and confidence indices that assist meta-reasoning and information fusion.
Abstract: Virtualization technology plays a key role in cloud computing. Thus, the security issues of virtualization tools (hypervisors, emulators, etc.) should be under precise consideration. However, threats of insider attacks are underestimated. The virtualization tools and hypervisors have been poorly protected from this type of attacks. Furthermore, hypervisor is one of the most critical elements in cloud computing infrastructure. Firstly, hypervisor vulnerabilities analysis is provided. Secondly, a formal model of insider attack on hypervisor is developed. Consequently, on the basis of the formal attack model, we propose a new methodology of hypervisor stability evaluation. In this paper, certain security countermeasures are considered that should be integrated in hypervisor software architecture.