Visible to the public Biblio

Filters: Author is Yang, H.  [Clear All Filters]
2019-02-08
Zou, Z., Wang, D., Yang, H., Hou, Y., Yang, Y., Xu, W..  2018.  Research on Risk Assessment Technology of Industrial Control System Based on Attack Graph. 2018 IEEE 3rd Advanced Information Technology, Electronic and Automation Control Conference (IAEAC). :2420-2423.

In order to evaluate the network security risks and implement effective defenses in industrial control system, a risk assessment method for industrial control systems based on attack graphs is proposed. Use the concept of network security elements to translate network attacks into network state migration problems and build an industrial control network attack graph model. In view of the current subjective evaluation of expert experience, the atomic attack probability assignment method and the CVSS evaluation system were introduced to evaluate the security status of the industrial control system. Finally, taking the centralized control system of the thermal power plant as the experimental background, the case analysis is performed. The experimental results show that the method can comprehensively analyze the potential safety hazards in the industrial control system and provide basis for the safety management personnel to take effective defense measures.

2017-12-20
Che, H., Liu, Q., Zou, L., Yang, H., Zhou, D., Yu, F..  2017.  A Content-Based Phishing Email Detection Method. 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C). :415–422.
Phishing emails have affected users seriously due to the enormous increasing in numbers and exquisite camouflage. Users spend much more effort on distinguishing the email properties, therefore current phishing email detection system demands more creativity and consideration in filtering for users. The proposed research tries to adopt creative computing in detecting phishing emails for users through a combination of computing techniques and social engineering concepts. In order to achieve the proposed target, the fraud type is summarised in social engineering criteria through literature review; a semantic web database is established to extract and store information; a fuzzy logic control algorithm is constructed to allocate email categories. The proposed approach will help users to distinguish the categories of emails, furthermore, to give advice based on different categories allocation. For the purpose of illustrating the approach, a case study will be presented to simulate a phishing email receiving scenario.