In an era where digital technology is paramount, higher education institutions like the University of Zambia (UNZA) are employing advanced computer networks to enhance their operational capacity and offer cutting-edge...In an era where digital technology is paramount, higher education institutions like the University of Zambia (UNZA) are employing advanced computer networks to enhance their operational capacity and offer cutting-edge services to their academic fraternity. Spanning across the Great East Road campus, UNZA has established one of the most extensive computer networks in Zambia, serving a burgeoning community of over 20,000 active users through a Metropolitan Area Network (MAN). However, as the digital landscape continues to evolve, it is besieged with burgeoning challenges that threaten the very fabric of network integrity—cyber security threats and the imperatives of maintaining high Quality of Service (QoS). In an effort to mitigate these threats and ensure network efficiency, the development of a mobile application to monitor temperatures in the server room was imperative. According to L. Wei, X. Zeng, and T. Shen, the use of wireless sensory networks to monitor the temperature of train switchgear contact points represents a cost-effective solution. The system is based on wireless communication technology and is detailed in their paper, “A wireless solution for train switchgear contact temperature monitoring and alarming system based on wireless communication technology”, published in the International Journal of Communications, Network and System Sciences, vol. 8, no. 4, pp. 79-87, 2015 [1]. Therefore, in this study, a mobile application technology was explored for monitoring of temperatures in the server room in order to aid Cisco device performance. Additionally, this paper also explores the hardening of Cisco device security and QoS which are the cornerstones of this study.展开更多
In recent years,artificial intelligence technology has developed rapidly around the world is widely used in various fields,and plays an important role.The integration of industrial Internet security with new technolog...In recent years,artificial intelligence technology has developed rapidly around the world is widely used in various fields,and plays an important role.The integration of industrial Internet security with new technologies such as big models and generative artificial intelligence has become a hot research issue.In this regard,this paper briefly analyzes the industrial Internet security technology and application from the perspective of generative artificial intelligence,hoping to provide some valuable reference and reference for readers.展开更多
The wireless application protocol (WAP) protocol is now the leading standard for information services on wireless terminals like digital mobile phones. By the use of WAP, wireless devices, like mobile phones, are po...The wireless application protocol (WAP) protocol is now the leading standard for information services on wireless terminals like digital mobile phones. By the use of WAP, wireless devices, like mobile phones, are possibly infected with virus and worms. Though up to now there is no such attack, as the usage of script languages increases, there is a chance of malicious code injection. This paper discusses the threats with current WAP protocol, and how changes in the protocol and the increase in its usage will enable entry of real viruses. Future threat scenarios are presented along with suggestions to avoid these problems.展开更多
Various mobile devices and applications are now used in daily life.These devices require high-speed data processing,low energy consumption,low communication latency,and secure data transmission,especially in 5G and 6G...Various mobile devices and applications are now used in daily life.These devices require high-speed data processing,low energy consumption,low communication latency,and secure data transmission,especially in 5G and 6G mobile networks.High-security cryptography guarantees that essential data can be transmitted securely;however,it increases energy consumption and reduces data processing speed.Therefore,this study proposes a low-energy data encryption(LEDE)algorithm based on the Advanced Encryption Standard(AES)for improving data transmission security and reducing the energy consumption of encryption in Internet-of-Things(IoT)devices.In the proposed LEDE algorithm,the system time parameter is employed to create a dynamic S-Box to replace the static S-Box of AES.Tests indicated that six-round LEDE encryption achieves the same security level as 10-round conventional AES encryption.This reduction in encryption time results in the LEDE algorithm having a 67.4%lower energy consumption and 43.9%shorter encryption time than conventional AES;thus,the proposed LEDE algorithm can improve the performance and the energy consumption of IoT edge devices.展开更多
To achieve privacy and authentication sinmltaneously in mobile applications, various Three-party Password-authenticated key exchange (3PAKE) protocols have been proposed. However, some of these protocols are vulnera...To achieve privacy and authentication sinmltaneously in mobile applications, various Three-party Password-authenticated key exchange (3PAKE) protocols have been proposed. However, some of these protocols are vulnerable to conventional attacks or have low efficiency so that they cannot be applied to mobile applications. In this paper, we proposed a password-authenticated multiple key exchange protocol for mobile applications using elliptic curve cryptosystem. The proposed protocol can achieve efficiency, reliability, flexibility and scalability at the same time. Compared with related works, the proposed protocol is more suitable and practical for mobile applications.展开更多
Mobile Industrial Internet of Things(IIoT)applications have achieved the explosive growth in recent years.The mobile IIoT has flourished and become the backbone of the industry,laying a solid foundation for the interc...Mobile Industrial Internet of Things(IIoT)applications have achieved the explosive growth in recent years.The mobile IIoT has flourished and become the backbone of the industry,laying a solid foundation for the interconnection of all things.The variety of application scenarios has brought serious challenges to mobile IIoT networks,which face complex and changeable communication environments.Ensuring data secure transmission is critical for mobile IIoT networks.This paper investigates the data secure transmission performance prediction of mobile IIoT networks.To cut down computational complexity,we propose a data secure transmission scheme employing Transmit Antenna Selection(TAS).The novel secrecy performance expressions are first derived.Then,to realize real-time secrecy analysis,we design an improved Convolutional Neural Network(CNN)model,and propose an intelligent data secure transmission performance prediction algorithm.For mobile signals,the important features may be removed by the pooling layers.This will lead to negative effects on the secrecy performance prediction.A novel nine-layer improved CNN model is designed.Out of the input and output layers,it removes the pooling layer and contains six convolution layers.Elman,Back-Propagation(BP)and LeNet methods are employed to compare with the proposed algorithm.Through simulation analysis,good prediction accuracy is achieved by the CNN algorithm.The prediction accuracy obtains a 59%increase.展开更多
Software reverse engineering is the process of analyzing a software system to extract the design and implementation details.Reverse engineering provides the source code of an application,the insight view of the archit...Software reverse engineering is the process of analyzing a software system to extract the design and implementation details.Reverse engineering provides the source code of an application,the insight view of the architecture and the third-party dependencies.From a security perspective,it is mostly used for finding vulnerabilities and attacking or cracking an application.The process is carried out either by obtaining the code in plaintext or reading it through the binaries or mnemonics.Nowadays,reverse engineering is widely used for mobile applications and is considered a security risk.The Open Web Application Security Project(OWASP),a leading security research forum,has included reverse engineering in its top 10 list of mobile application vulnerabilities.Mobile applications are used in many sectors,e.g.,banking,education,health.In particular,the banking applications are critical in terms of security as they are used for financial transactions.A security breach of such applications can result in huge financial losses for the customers as well as the banks.There exist various tools for reverse engineering of mobile applications,however,they have deficiencies,e.g.,complex configurations,lack of detailed analysis reports.In this research work,we perform an analysis of the available tools for reverse engineering of mobile applications.Our dataset consists of the mobile banking applications of the banks providing services in Pakistan.Our results indicate that none of the existing tools can carry out the complete reverse engineering process as a standalone tool.In addition,we observe significant differences in terms of the execution time and the number of files generated by each tool for the same file.展开更多
Increasing popularity of Android is making its security issue more crucial nowadays. This paper focuses on one-stop solution to secure Android device against information security and theft. Proposed application protec...Increasing popularity of Android is making its security issue more crucial nowadays. This paper focuses on one-stop solution to secure Android device against information security and theft. Proposed application protects Android device against theft and helps to control Android device by SMS or using internet connection. By this application once the user has configured the account for anti theft, user can remotely track, sound a loud siren, lock, secretly capture photo of an intruder who tries to break in, get randomly recorded voice of intruder, get thief identity using device web history and can able to wipe all your private data. This data and tracking information will be stored in one central web server database and one can access it anytime through login.展开更多
Despite only being around for a few years, mobile devices have steadily risen to become the most extensively used computer devices. Given the number of people who rely on smartphones, which can install third-party app...Despite only being around for a few years, mobile devices have steadily risen to become the most extensively used computer devices. Given the number of people who rely on smartphones, which can install third-party apps, it has become an increasingly important issue for end-users and service providers to ensure that both the devices and the underlying network are secure. People will become more reliant on applications such as SMS, MMS, Internet Access, Online Transactions, and so on due to such features and capabilities. Thousands of devices ranging from low-cost phones to high-end luxury phones are powered by the Android operating system, which has dominated the smartphone marketplace. It is about making it possible for people from all socioeconomic backgrounds to get and use mobile devices in their daily activities. In response to this growing popularity, the number of new applications introduced to the Android market has skyrocketed. The recent appearance of a wide range of mobile malware has caught the attention of security professionals and scholars alike. In light of the ongoing expansion of the mobile phone industry, the likelihood of it being used in criminal activities will only continue to rise in the future. This article reviews the literature on malware detection and prevention in Android mobile devices, analyzes the existing literature on major studies and tasks, and covers articles, journals, and digital resources such as Internet security publications, scientific studies, and conferences.展开更多
Mobile edge computing(MEC)provides effective cloud services and functionality at the edge device,to improve the quality of service(QoS)of end users by offloading the high computation tasks.Currently,the introduction o...Mobile edge computing(MEC)provides effective cloud services and functionality at the edge device,to improve the quality of service(QoS)of end users by offloading the high computation tasks.Currently,the introduction of deep learning(DL)and hardware technologies paves amethod in detecting the current traffic status,data offloading,and cyberattacks in MEC.This study introduces an artificial intelligence with metaheuristic based data offloading technique for Secure MEC(AIMDO-SMEC)systems.The proposed AIMDO-SMEC technique incorporates an effective traffic prediction module using Siamese Neural Networks(SNN)to determine the traffic status in the MEC system.Also,an adaptive sampling cross entropy(ASCE)technique is utilized for data offloading in MEC systems.Moreover,the modified salp swarm algorithm(MSSA)with extreme gradient boosting(XGBoost)technique was implemented to identification and classification of cyberattack that exist in the MEC systems.For examining the enhanced outcomes of the AIMDO-SMEC technique,a comprehensive experimental analysis is carried out and the results demonstrated the enhanced outcomes of the AIMDOSMEC technique with the minimal completion time of tasks(CTT)of 0.680.展开更多
The rapid evolution in mobile devices and communication technology has increased the number of mobile device users dramatically. The mobile device has replaced many other devices and is used to perform many tasks rang...The rapid evolution in mobile devices and communication technology has increased the number of mobile device users dramatically. The mobile device has replaced many other devices and is used to perform many tasks ranging from establishing a phone call to performing critical and sensitive tasks like money payments. Since the mobile device is accompanying a person most of his time, it is highly probably that it includes personal and sensitive data for that person. The increased use of mobile devices in daily life made mobile systems an excellent target for attacks. One of the most important attacks is phishing attack in which an attacker tries to get the credential of the victim and impersonate him. In this paper, analysis of different types of phishing attacks on mobile devices is provided. Mitigation techniques—anti-phishing techniques—are also analyzed. Assessment of each technique and a summary of its advantages and disadvantages is provided. At the end, important steps to guard against phishing attacks are provided. The aim of the work is to put phishing attacks on mobile systems in light, and to make people aware of these attacks and how to avoid them.展开更多
Software vulnerabilities,when actively exploited by malicious parties,can lead to catastrophic consequences.Proper handling of software vulnerabilities is essential in the industrial context,particularly when the soft...Software vulnerabilities,when actively exploited by malicious parties,can lead to catastrophic consequences.Proper handling of software vulnerabilities is essential in the industrial context,particularly when the software is deployed in critical infrastructures.Therefore,several industrial standards mandate secure coding guidelines and industrial software developers’training,as software quality is a significant contributor to secure software.CyberSecurity Challenges(CSC)form a method that combines serious game techniques with cybersecurity and secure coding guidelines to raise secure coding awareness of software developers in the industry.These cybersecurity awareness events have been used with success in industrial environments.However,until now,these coached events took place on-site.In the present work,we briefly introduce cybersecurity challenges and propose a novel platform that allows these events to take place online.The introduced cybersecurity awareness platform,which the authors call Sifu,performs automatic assessment of challenges in compliance to secure coding guidelines,and uses an artificial intelligence method to provide players with solution-guiding hints.Furthermore,due to its characteristics,the Sifu platform allows for remote(online)learning,in times of social distancing.The CyberSecurity Challenges events based on the Sifu platform were evaluated during four online real-life CSC events.We report on three surveys showing that the Sifu platform’s CSC events are adequate to raise industry software developers awareness on secure coding.展开更多
Software vulnerabilities,when actively exploited by malicious parties,can lead to catastrophic consequences.Proper handling of software vulnerabilities is essential in the industrial context,particularly when the soft...Software vulnerabilities,when actively exploited by malicious parties,can lead to catastrophic consequences.Proper handling of software vulnerabilities is essential in the industrial context,particularly when the software is deployed in critical infrastructures.Therefore,several industrial standards mandate secure coding guidelines and industrial software developers’training,as software quality is a significant contributor to secure software.CyberSecurity Challenges(CSC)form a method that combines serious game techniques with cybersecurity and secure coding guidelines to raise secure coding awareness of software developers in the industry.These cybersecurity awareness events have been used with success in industrial environments.However,until now,these coached events took place on-site.In the present work,we briefly introduce cybersecurity challenges and propose a novel platform that allows these events to take place online.The introduced cybersecurity awareness platform,which the authors call Sifu,performs automatic assessment of challenges in compliance to secure coding guidelines,and uses an artificial intelligence method to provide players with solution-guiding hints.Furthermore,due to its characteristics,the Sifu platform allows for remote(online)learning,in times of social distancing.The CyberSecurity Challenges events based on the Sifu platform were evaluated during four online real-life CSC events.We report on three surveys showing that the Sifu platform’s CSC events are adequate to raise industry software developers awareness on secure coding.展开更多
文摘In an era where digital technology is paramount, higher education institutions like the University of Zambia (UNZA) are employing advanced computer networks to enhance their operational capacity and offer cutting-edge services to their academic fraternity. Spanning across the Great East Road campus, UNZA has established one of the most extensive computer networks in Zambia, serving a burgeoning community of over 20,000 active users through a Metropolitan Area Network (MAN). However, as the digital landscape continues to evolve, it is besieged with burgeoning challenges that threaten the very fabric of network integrity—cyber security threats and the imperatives of maintaining high Quality of Service (QoS). In an effort to mitigate these threats and ensure network efficiency, the development of a mobile application to monitor temperatures in the server room was imperative. According to L. Wei, X. Zeng, and T. Shen, the use of wireless sensory networks to monitor the temperature of train switchgear contact points represents a cost-effective solution. The system is based on wireless communication technology and is detailed in their paper, “A wireless solution for train switchgear contact temperature monitoring and alarming system based on wireless communication technology”, published in the International Journal of Communications, Network and System Sciences, vol. 8, no. 4, pp. 79-87, 2015 [1]. Therefore, in this study, a mobile application technology was explored for monitoring of temperatures in the server room in order to aid Cisco device performance. Additionally, this paper also explores the hardening of Cisco device security and QoS which are the cornerstones of this study.
文摘In recent years,artificial intelligence technology has developed rapidly around the world is widely used in various fields,and plays an important role.The integration of industrial Internet security with new technologies such as big models and generative artificial intelligence has become a hot research issue.In this regard,this paper briefly analyzes the industrial Internet security technology and application from the perspective of generative artificial intelligence,hoping to provide some valuable reference and reference for readers.
文摘The wireless application protocol (WAP) protocol is now the leading standard for information services on wireless terminals like digital mobile phones. By the use of WAP, wireless devices, like mobile phones, are possibly infected with virus and worms. Though up to now there is no such attack, as the usage of script languages increases, there is a chance of malicious code injection. This paper discusses the threats with current WAP protocol, and how changes in the protocol and the increase in its usage will enable entry of real viruses. Future threat scenarios are presented along with suggestions to avoid these problems.
基金This work was supported by the National Science and Technology Council,Taiwan,under Project NSTC 112-2221-E-029-015.
文摘Various mobile devices and applications are now used in daily life.These devices require high-speed data processing,low energy consumption,low communication latency,and secure data transmission,especially in 5G and 6G mobile networks.High-security cryptography guarantees that essential data can be transmitted securely;however,it increases energy consumption and reduces data processing speed.Therefore,this study proposes a low-energy data encryption(LEDE)algorithm based on the Advanced Encryption Standard(AES)for improving data transmission security and reducing the energy consumption of encryption in Internet-of-Things(IoT)devices.In the proposed LEDE algorithm,the system time parameter is employed to create a dynamic S-Box to replace the static S-Box of AES.Tests indicated that six-round LEDE encryption achieves the same security level as 10-round conventional AES encryption.This reduction in encryption time results in the LEDE algorithm having a 67.4%lower energy consumption and 43.9%shorter encryption time than conventional AES;thus,the proposed LEDE algorithm can improve the performance and the energy consumption of IoT edge devices.
基金Acknowledgements This work was supported by the National Natural ScienceFoundation of China under Grants No. 60873191, No. 60903152, No. 60821001, and the Beijing Natural Science Foundation under Grant No. 4072020.
文摘To achieve privacy and authentication sinmltaneously in mobile applications, various Three-party Password-authenticated key exchange (3PAKE) protocols have been proposed. However, some of these protocols are vulnerable to conventional attacks or have low efficiency so that they cannot be applied to mobile applications. In this paper, we proposed a password-authenticated multiple key exchange protocol for mobile applications using elliptic curve cryptosystem. The proposed protocol can achieve efficiency, reliability, flexibility and scalability at the same time. Compared with related works, the proposed protocol is more suitable and practical for mobile applications.
基金supported by the National Natural Science Foundation of China(No.62201313)the Opening Foundation of Fujian Key Laboratory of Sensing and Computing for Smart Cities(Xiamen University)(No.SCSCKF202101)the Open Project of Fujian Provincial Key Laboratory of Information Processing and Intelligent Control(Minjiang University)(No.MJUKF-IPIC202206).
文摘Mobile Industrial Internet of Things(IIoT)applications have achieved the explosive growth in recent years.The mobile IIoT has flourished and become the backbone of the industry,laying a solid foundation for the interconnection of all things.The variety of application scenarios has brought serious challenges to mobile IIoT networks,which face complex and changeable communication environments.Ensuring data secure transmission is critical for mobile IIoT networks.This paper investigates the data secure transmission performance prediction of mobile IIoT networks.To cut down computational complexity,we propose a data secure transmission scheme employing Transmit Antenna Selection(TAS).The novel secrecy performance expressions are first derived.Then,to realize real-time secrecy analysis,we design an improved Convolutional Neural Network(CNN)model,and propose an intelligent data secure transmission performance prediction algorithm.For mobile signals,the important features may be removed by the pooling layers.This will lead to negative effects on the secrecy performance prediction.A novel nine-layer improved CNN model is designed.Out of the input and output layers,it removes the pooling layer and contains six convolution layers.Elman,Back-Propagation(BP)and LeNet methods are employed to compare with the proposed algorithm.Through simulation analysis,good prediction accuracy is achieved by the CNN algorithm.The prediction accuracy obtains a 59%increase.
基金The authors acknowledge the support of Security Testing-Innovative Secured Systems Lab(ISSL)established at University of Engineering&Technology,Peshawar,Pakistan under the Higher Education Commission initiative of National Center for Cyber Security(Grant No.2(1078)/HEC/M&E/2018/707).
文摘Software reverse engineering is the process of analyzing a software system to extract the design and implementation details.Reverse engineering provides the source code of an application,the insight view of the architecture and the third-party dependencies.From a security perspective,it is mostly used for finding vulnerabilities and attacking or cracking an application.The process is carried out either by obtaining the code in plaintext or reading it through the binaries or mnemonics.Nowadays,reverse engineering is widely used for mobile applications and is considered a security risk.The Open Web Application Security Project(OWASP),a leading security research forum,has included reverse engineering in its top 10 list of mobile application vulnerabilities.Mobile applications are used in many sectors,e.g.,banking,education,health.In particular,the banking applications are critical in terms of security as they are used for financial transactions.A security breach of such applications can result in huge financial losses for the customers as well as the banks.There exist various tools for reverse engineering of mobile applications,however,they have deficiencies,e.g.,complex configurations,lack of detailed analysis reports.In this research work,we perform an analysis of the available tools for reverse engineering of mobile applications.Our dataset consists of the mobile banking applications of the banks providing services in Pakistan.Our results indicate that none of the existing tools can carry out the complete reverse engineering process as a standalone tool.In addition,we observe significant differences in terms of the execution time and the number of files generated by each tool for the same file.
文摘Increasing popularity of Android is making its security issue more crucial nowadays. This paper focuses on one-stop solution to secure Android device against information security and theft. Proposed application protects Android device against theft and helps to control Android device by SMS or using internet connection. By this application once the user has configured the account for anti theft, user can remotely track, sound a loud siren, lock, secretly capture photo of an intruder who tries to break in, get randomly recorded voice of intruder, get thief identity using device web history and can able to wipe all your private data. This data and tracking information will be stored in one central web server database and one can access it anytime through login.
文摘Despite only being around for a few years, mobile devices have steadily risen to become the most extensively used computer devices. Given the number of people who rely on smartphones, which can install third-party apps, it has become an increasingly important issue for end-users and service providers to ensure that both the devices and the underlying network are secure. People will become more reliant on applications such as SMS, MMS, Internet Access, Online Transactions, and so on due to such features and capabilities. Thousands of devices ranging from low-cost phones to high-end luxury phones are powered by the Android operating system, which has dominated the smartphone marketplace. It is about making it possible for people from all socioeconomic backgrounds to get and use mobile devices in their daily activities. In response to this growing popularity, the number of new applications introduced to the Android market has skyrocketed. The recent appearance of a wide range of mobile malware has caught the attention of security professionals and scholars alike. In light of the ongoing expansion of the mobile phone industry, the likelihood of it being used in criminal activities will only continue to rise in the future. This article reviews the literature on malware detection and prevention in Android mobile devices, analyzes the existing literature on major studies and tasks, and covers articles, journals, and digital resources such as Internet security publications, scientific studies, and conferences.
基金The authors extend their appreciation to the Deanship of Scientific Research at King Khalid University for funding this work under Grant Number(RGP 2/209/42)Princess Nourah bint Abdulrahman University Researchers Supporting Project Number(PNURSP2022R77),Princess Nourah bint Abdulrahman University,Riyadh,Saudi Arabia.
文摘Mobile edge computing(MEC)provides effective cloud services and functionality at the edge device,to improve the quality of service(QoS)of end users by offloading the high computation tasks.Currently,the introduction of deep learning(DL)and hardware technologies paves amethod in detecting the current traffic status,data offloading,and cyberattacks in MEC.This study introduces an artificial intelligence with metaheuristic based data offloading technique for Secure MEC(AIMDO-SMEC)systems.The proposed AIMDO-SMEC technique incorporates an effective traffic prediction module using Siamese Neural Networks(SNN)to determine the traffic status in the MEC system.Also,an adaptive sampling cross entropy(ASCE)technique is utilized for data offloading in MEC systems.Moreover,the modified salp swarm algorithm(MSSA)with extreme gradient boosting(XGBoost)technique was implemented to identification and classification of cyberattack that exist in the MEC systems.For examining the enhanced outcomes of the AIMDO-SMEC technique,a comprehensive experimental analysis is carried out and the results demonstrated the enhanced outcomes of the AIMDOSMEC technique with the minimal completion time of tasks(CTT)of 0.680.
文摘The rapid evolution in mobile devices and communication technology has increased the number of mobile device users dramatically. The mobile device has replaced many other devices and is used to perform many tasks ranging from establishing a phone call to performing critical and sensitive tasks like money payments. Since the mobile device is accompanying a person most of his time, it is highly probably that it includes personal and sensitive data for that person. The increased use of mobile devices in daily life made mobile systems an excellent target for attacks. One of the most important attacks is phishing attack in which an attacker tries to get the credential of the victim and impersonate him. In this paper, analysis of different types of phishing attacks on mobile devices is provided. Mitigation techniques—anti-phishing techniques—are also analyzed. Assessment of each technique and a summary of its advantages and disadvantages is provided. At the end, important steps to guard against phishing attacks are provided. The aim of the work is to put phishing attacks on mobile systems in light, and to make people aware of these attacks and how to avoid them.
文摘Software vulnerabilities,when actively exploited by malicious parties,can lead to catastrophic consequences.Proper handling of software vulnerabilities is essential in the industrial context,particularly when the software is deployed in critical infrastructures.Therefore,several industrial standards mandate secure coding guidelines and industrial software developers’training,as software quality is a significant contributor to secure software.CyberSecurity Challenges(CSC)form a method that combines serious game techniques with cybersecurity and secure coding guidelines to raise secure coding awareness of software developers in the industry.These cybersecurity awareness events have been used with success in industrial environments.However,until now,these coached events took place on-site.In the present work,we briefly introduce cybersecurity challenges and propose a novel platform that allows these events to take place online.The introduced cybersecurity awareness platform,which the authors call Sifu,performs automatic assessment of challenges in compliance to secure coding guidelines,and uses an artificial intelligence method to provide players with solution-guiding hints.Furthermore,due to its characteristics,the Sifu platform allows for remote(online)learning,in times of social distancing.The CyberSecurity Challenges events based on the Sifu platform were evaluated during four online real-life CSC events.We report on three surveys showing that the Sifu platform’s CSC events are adequate to raise industry software developers awareness on secure coding.
文摘Software vulnerabilities,when actively exploited by malicious parties,can lead to catastrophic consequences.Proper handling of software vulnerabilities is essential in the industrial context,particularly when the software is deployed in critical infrastructures.Therefore,several industrial standards mandate secure coding guidelines and industrial software developers’training,as software quality is a significant contributor to secure software.CyberSecurity Challenges(CSC)form a method that combines serious game techniques with cybersecurity and secure coding guidelines to raise secure coding awareness of software developers in the industry.These cybersecurity awareness events have been used with success in industrial environments.However,until now,these coached events took place on-site.In the present work,we briefly introduce cybersecurity challenges and propose a novel platform that allows these events to take place online.The introduced cybersecurity awareness platform,which the authors call Sifu,performs automatic assessment of challenges in compliance to secure coding guidelines,and uses an artificial intelligence method to provide players with solution-guiding hints.Furthermore,due to its characteristics,the Sifu platform allows for remote(online)learning,in times of social distancing.The CyberSecurity Challenges events based on the Sifu platform were evaluated during four online real-life CSC events.We report on three surveys showing that the Sifu platform’s CSC events are adequate to raise industry software developers awareness on secure coding.
