Visible to the public Biblio

Found 1044 results

Filters: Keyword is Collaboration  [Clear All Filters]
Tadeo, Diego Antonio García, John, S.Franklin, Bhaumik, Ankan, Neware, Rahul, Yamsani, Nagendar, Kapila, Dhiraj.  2021.  Empirical Analysis of Security Enabled Cloud Computing Strategy Using Artificial Intelligence. 2021 International Conference on Computing Sciences (ICCS). :83—85.
Cloud Computing (CC) has emerged as an on-demand accessible tool in different practical applications such as digital industry, academics, manufacturing, health sector and others. In this paper different security threats faced by CC are discussed with suitable examples. Moreover, an artificial intelligence based security enabled CC is also discussed based on suitable empirical data. It is found that an artificial neural network (ANN) is an effective system to detect the level of risk factors associated with CC along with mitigating those risk issues with appropriate algorithms. Hence, it provides a desired level of protection against cyber attacks, internal confidential threats and external threat of data theft from a cloud computing system. Levenberg–Marquardt (LMBP) algorithms are also found as a significant tool to estimate the level of security performance around a cloud computing system. ANN is used to improve the performance level of data security across a cloud computing network and make it security enabled to ensure a protected data transmission to clients associated with the system.
Lin, Wei.  2021.  Network Information Security Management in the Era of Big Data. 2021 2nd International Conference on Information Science and Education (ICISE-IE). :806—809.
With the advent of the era of big data, information technology has been rapidly developed and the application of computers has been popularized. However, network technology is a double-edged sword. While providing convenience, it also faces many problems, among which there are many hidden dangers of network information security. Based on this, based on the era background of big data, the network information security analysis, explore the main network security problems, and elaborate computer information network security matters needing attention, to strengthen the network security management, and put forward countermeasures, so as to improve the level of network security.
Li, Qiqi, Wu, Peng, Han, Ling, Bi, Danyang, Zeng, Zheng.  2021.  A Study of Identifier Resolution Security Strategy Based on Security Domains. 2021 3rd International Academic Exchange Conference on Science and Technology Innovation (IAECST). :359—362.
The widespread application of industrial Internet identifiers has increased the security risks of industrial Internet and identifier resolution system. In order to improve the security capabilities of identifier resolution system, this paper analyzes the security challenges faced by identifier resolution system at this stage, and in line with the concept of layered security defense in depth, divides the security domains of identifier resolution system and proposes a multi-level security strategy based on security domains by deploying appropriate protective measures in each security domain.
Li, Shengyu, Meng, Fanjun, Zhang, Dashun, Liu, Qingqing, Lu, Li, Ye, Yalan.  2021.  Research on Security Defense System of Industrial Control Network. 2021 IEEE 2nd International Conference on Information Technology, Big Data and Artificial Intelligence (ICIBA). 2:631—635.
The importance of the security of industrial control network has become increasingly prominent. Aiming at the defects of main security protection system in the intelligent manufacturing industrial control network, we propose a security attack risk detection and defense, and emergency processing capability synchronization technology system suitable for the intelligent manufacturing industrial control system. Integrating system control and network security theories, a flexible and reconfigurable system-wide security architecture method is proposed. On the basis of considering the high availability and strong real-time of the system, our research centers on key technologies supporting system-wide security analysis, defense strategy deployment and synchronization, including weak supervision system reinforcement and pattern matching, etc.. Our research is helpful to solve the problem of industrial control network of “old but full of loopholes” caused by the long-term closed development of the production network of important parts, and alleviate the contradiction between the high availability of the production system and the relatively backward security defense measures.
Shipunov, Ilya S., Nyrkov, Anatoliy P., Ryabenkov, Maksim U., Morozova, Elena V., Goloskokov, Konstantin P..  2021.  Investigation of Computer Incidents as an Important Component in the Security of Maritime Transportation. 2021 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (ElConRus). :657—660.
The risk of detecting incidents in the field of computer technology in Maritime transport is considered. The structure of the computer incident investigation system and its functions are given. The system of conducting investigations of computer incidents on sea transport is considered. A possible algorithm for investigating the incident using the tools of forensic science and an algorithm for transmitting the received data for further processing are presented.
Hou, Jundan, Jia, Xiang.  2021.  Research on enterprise network security system. 2021 2nd International Conference on Computer Science and Management Technology (ICCSMT). :216—219.
With the development of openness, sharing and interconnection of computer network, the architecture of enterprise network becomes more and more complex, and various network security problems appear. Threat Intelligence(TI) Analysis and situation awareness(SA) are the prediction and analysis technology of enterprise security risk, while intrusion detection technology belongs to active defense technology. In order to ensure the safe operation of computer network system, we must establish a multi-level and comprehensive security system. This paper analyzes many security risks faced by enterprise computer network, and integrates threat intelligence analysis, security situation assessment, intrusion detection and other technologies to build a comprehensive enterprise security system to ensure the security of large enterprise network.
Singh, Karan Kumar, B S, Radhika, Shyamasundar, R K.  2021.  SEFlowViz: A Visualization Tool for SELinux Policy Analysis. 2021 12th International Conference on Information and Communication Systems (ICICS). :439—444.
SELinux policies used in practice are generally large and complex. As a result, it is difficult for the policy writers to completely understand the policy and ensure that the policy meets the intended security goals. To remedy this, we have developed a tool called SEFlowViz that helps in visualizing the information flows of a policy and thereby helps in creating flow-secure policies. The tool uses the graph database Neo4j to visualize the policy. Along with visualization, the tool also supports extracting various information regarding the policy and its components through queries. Furthermore, the tool also supports the addition and deletion of rules which is useful in converting inconsistent policies into consistent policies.
Banasode, Praveen, Padmannavar, Sunita.  2021.  Evaluation of Performance for Big Data Security Using Advanced Cryptography Policy. 2021 International Conference on Forensics, Analytics, Big Data, Security (FABS). 1:1—5.
The revolution caused by the advanced analysis features of Internet of Things and big data have made a big turnaround in the digital world. Data analysis is not only limited to collect useful data but also useful in analyzing information quickly. Therefore, most of the variants of the shared system based on the parallel structural model are explored simultaneously as the appropriate big data storage library stimulates researchers’ interest in the distributed system. Due to the emerging digital technologies, different groups such as healthcare facilities, financial institutions, e-commerce, food service and supply chain management generate a surprising amount of information. Although the process of statistical analysis is essential, it can cause significant security and privacy issues. Therefore, the analysis of data privacy protection is very important. Using the platform, technology should focus on providing Advanced Cryptography Policy (ACP). This research explores different security risks, evolutionary mechanisms and risks of privacy protection. It further recommends the post-statistical modern privacy protection act to manage data privacy protection in binary format, because it is kept confidential by the user. The user authentication program has already filed access restrictions. To maintain this purpose, everyone’s attitude is to achieve a changing identity. This article is designed to protect the privacy of users and propose a new system of restoration of controls.
Iskandar, Olimov, Yusuf, Boriyev, Mahmudjon, Sadikov, Azizbek, Xudoyberdiyev, Javohir, Ismanaliyev.  2021.  Analysis of existing standards for information security assessment. 2021 International Conference on Information Science and Communications Technologies (ICISCT). :1—3.
This article is devoted to the existing standards for assessing the state of information security, which provides a classification and comparative analysis of standards for assessing the state of information.
Li, Shuang, Zhang, Meng, Li, Che, Zhou, Yue, Wang, Kanghui, Deng, Yaru.  2021.  Mobile APP Personal Information Security Detection and Analysis. 2021 IEEE/ACIS 19th International Conference on Computer and Information Science (ICIS). :82—87.
Privacy protection is a vital part of information security. However, the excessive collections and uses of personal information have intensified in the area of mobile apps (applications). To comprehend the current situation of APP personal information security problem of APP, this paper uses a combined approach of static analysis technology, dynamic analysis technology, and manual review to detect and analyze the installed file of mobile apps. 40 mobile apps are detected as experimental samples. The results demonstrate that this combined approach can effectively detect various issues of personal information security problem in mobile apps. Statistics analysis of the experimental results demonstrate that mobile apps have outstanding problems in some aspects of personal information security such as privacy policy, permission application, information collection, data storage, etc.
Stokkink, Quinten, Ishmaev, Georgy, Epema, Dick, Pouwelse, Johan.  2021.  A Truly Self-Sovereign Identity System. 2021 IEEE 46th Conference on Local Computer Networks (LCN). :1–8.
Existing digital identity management systems fail to deliver the desirable properties of control by the users of their own identity data, credibility of disclosed identity data, and network-level anonymity. The recently proposed Self-Sovereign Identity (SSI) approach promises to give users these properties. However, we argue that without addressing privacy at the network level, SSI systems cannot deliver on this promise. In this paper we present the design and analysis of our solution TCID, created in collaboration with the Dutch government. TCID is a system consisting of a set of components that together satisfy seven functional requirements to guarantee the desirable system properties. We show that the latency incurred by network-level anonymization in TCID is significantly larger than that of identity data disclosure protocols but is still low enough for practical situations. We conclude that current research on SSI is too narrowly focused on these data disclosure protocols.
Kaneko, Tomoko, Yoshioka, Nobukazu, Sasaki, Ryoichi.  2021.  Cyber-Security Incident Analysis by Causal Analysis using System Theory (CAST). 2021 IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C). :806–815.
STAMP (System Theoretic Accident Model and Processes) is one of the theories that has been attracting attention as a new safety analysis method for complex systems. CAST (Causal Analysis using System Theory) is a causal analysis method based on STAMP theory. The authors investigated an information security incident case, “AIST (National Institute of Advanced Industrial Science and Technology) report on unauthorized access to information systems,” and attempted accident analysis using CAST. We investigated whether CAST could be applied to the cyber security analysis. Since CAST is a safety accident analysis technique, this study was the first to apply CAST to cyber security incidents. Its effectiveness was confirmed from the viewpoint of the following three research questions. Q1:Features of CAST as an accident analysis method Q2:Applicability and impact on security accident analysis Q3:Understanding cyber security incidents with a five-layer model.
Pan, Qianqian, Wu, Jun, Lin, Xi, Li, Jianhua.  2021.  Side-Channel Analysis-Based Model Extraction on Intelligent CPS: An Information Theory Perspective. 2021 IEEE International Conferences on Internet of Things (iThings) and IEEE Green Computing & Communications (GreenCom) and IEEE Cyber, Physical & Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress on Cybermatics (Cybermatics). :254–261.
The intelligent cyber-physical system (CPS) has been applied in various fields, covering multiple critical infras-tructures and human daily life support areas. CPS Security is a major concern and of critical importance, especially the security of the intelligent control component. Side-channel analysis (SCA) is the common threat exploiting the weaknesses in system operation to extract information of the intelligent CPS. However, existing literature lacks the systematic theo-retical analysis of the side-channel attacks on the intelligent CPS, without the ability to quantify and measure the leaked information. To address these issues, we propose the SCA-based model extraction attack on intelligent CPS. First, we design an efficient and novel SCA-based model extraction framework, including the threat model, hierarchical attack process, and the multiple micro-space parallel search enabled weight extraction algorithm. Secondly, an information theory-empowered analy-sis model for side-channel attacks on intelligent CPS is built. We propose a mutual information-based quantification method and derive the capacity of side-channel attacks on intelligent CPS, formulating the amount of information leakage through side channels. Thirdly, we develop the theoretical bounds of the leaked information over multiple attack queries based on the data processing inequality and properties of entropy. These convergence bounds provide theoretical means to estimate the amount of information leaked. Finally, experimental evaluation, including real-world experiments, demonstrates the effective-ness of the proposed SCA-based model extraction algorithm and the information theory-based analysis method in intelligent CPS.
Ryabko, Boris.  2021.  Application of algorithmic information theory to calibrate tests of random number generators. 2021 XVII International Symposium "Problems of Redundancy in Information and Control Systems" (REDUNDANCY). :61–65.
Currently, statistical tests for random number generators (RNGs) are widely used in practice, and some of them are even included in information security standards. But despite the popularity of RNGs, consistent tests are known only for stationary ergodic deviations of randomness (a test is consistent if it detects any deviations from a given class when the sample size goes to infinity). However, the model of a stationary ergodic source is too narrow for some RNGs, in particular, for generators based on physical effects. In this article, we propose computable consistent tests for some classes of deviations more general than stationary ergodic and describe some general properties of statistical tests. The proposed approach and the resulting test are based on the ideas and methods of information theory.
Ilina, D. V., Eryshov, V. G..  2021.  Analytical Model of Actions of the Information Security Violator on Covert Extraction of Confidential Information Processed on the Protected Object. 2021 Wave Electronics and its Application in Information and Telecommunication Systems (WECONF). :1–4.
The article describes an analytical model of the actions of an information security violator for the secret extraction of confidential information processed on the protected object in terms of the theory of Markov random processes. The characteristics of the existing models are given, as well as the requirements that are imposed on the model for simulating the process. All model states are described in detail, as well as the data flow that is used in the process simulation. The model is represented as a directed state graph. It also describes the option for evaluating the data obtained during modeling. In the modern world, with the developing methods and means of covert extraction of information, the problem of assessing the damage that can be caused by the theft of the organization's data is acute. This model can be used to build a model of information security threats.
Selifanov, Valentin V., Doroshenko, Ivan E., Troeglazova, Anna V., Maksudov, Midat M..  2021.  Acceptable Variants Formation Methods of Organizational Structure and the Automated Information Security Management System Structure. 2021 XV International Scientific-Technical Conference on Actual Problems Of Electronic Instrument Engineering (APEIE). :631–635.
To ensure comprehensive information protection, it is necessary to use various means of information protection, distributed by levels and segments of the information system. This creates a contradiction, which consists in the presence of many different means of information protection and the inability to ensure their joint coordinated application in ensuring the protection of information due to the lack of an automated control system. One of the tasks that contribute to the solution of this problem is the task of generating a feasible organizational structure and the structure of such an automated control system, the results of which would provide these options and choose the one that is optimal under given initial parameters and limitations. The problem is solved by reducing the General task with particular splitting the original graph of the automated cyber defense control system into subgraphs. As a result, the organizational composition and the automated cyber defense management system structures will provide a set of acceptable variants, on the basis of which the optimal choice is made under the given initial parameters and restrictions. As a result, admissible variants for the formation technique of organizational structure and structure by the automated control system of cyber defense is received.
Min, Huang, Li, Cheng Yun.  2021.  Construction of information security risk assessment model based on static game. 2021 6th International Symposium on Computer and Information Processing Technology (ISCIPT). :647–650.
Game theory is a branch of modern mathematics, which is a mathematical method to study how decision-makers should make decisions in order to strive for the maximum interests in the process of competition. In this paper, from the perspective of offensive and defensive confrontation, using game theory for reference, we build a dynamic evaluation model of information system security risk based on static game model. By using heisani transformation, the uncertainty of strategic risk of offensive and defensive sides is transformed into the uncertainty of each other's type. The security risk of pure defense strategy and mixed defense strategy is analyzed quantitatively, On this basis, an information security risk assessment algorithm based on static game model is designed.
Ogundoyin, Sunday Oyinlola, Kamil, Ismaila Adeniyi.  2021.  A Lightweight Authentication and Key Agreement Protocol for Secure Fog-to-Fog Collaboration. 2021 IEEE International Mediterranean Conference on Communications and Networking (MeditCom). :348—353.
The fusion of peer-to-peer (P2P) fog network and the traditional three-tier fog computing architecture allows fog devices to conjointly pool their resources together for improved service provisioning and better bandwidth utilization. However, any unauthorized access to the fog network may have calamitous consequences. In this paper, a new lightweight two-party authenticated and key agreement (AKA) protocol is proposed for fog-to-fog collaboration. The security analysis of the protocol reveals that it is resilient to possible attacks. Moreover, the validation of the protocol conducted using the broadly-accepted Automated Verification of internet Security Protocols and Applications (AVISPA) shows that it is safe for practical deployment. The performance evaluation in terms of computation and communication overheads demonstrates its transcendence over the state-of-the-art protocols.
Jiang, Hongpu, Yuan, Yuyu, Guo, Ting, Zhao, Pengqian.  2021.  Measuring Trust and Automatic Verification in Multi-Agent Systems. 2021 8th International Conference on Dependable Systems and Their Applications (DSA). :271—277.
Due to the shortage of resources and services, agents are often in competition with each other. Excessive competition will lead to a social dilemma. Under the viewpoint of breaking social dilemma, we present a novel trust-based logic framework called Trust Computation Logic (TCL) for measure method to find the best partners to collaborate and automatically verifying trust in Multi-Agent Systems (MASs). TCL starts from defining trust state in Multi-Agent Systems, which is based on contradistinction between behavior in trust behavior library and in observation. In particular, a set of reasoning postulates along with formal proofs were put forward to support our measure process. Moreover, we introduce symbolic model checking algorithms to formally and automatically verify the system. Finally, the trust measure method and reported experimental results were evaluated by using DeepMind’s Sequential Social Dilemma (SSD) multi-agent game-theoretic environments.
Liu, Zhihao, Wang, Qiang, Li, Yongjian, Zhao, Yongxin.  2021.  CMSS: Collaborative Modeling of Safety and Security Requirements for Network Protocols. 2021 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom). :185—192.
Analyzing safety and security requirements remains a difficult task in the development of real-life network protocols. Although numerous modeling and analyzing methods have been proposed in the past decades, most of them handle safety and security requirements separately without considering their interplay. In this work, we propose a collaborative modeling framework that enables co-analysis of safety and security requirements for network protocols. Our modeling framework is based on a well-defined type system and supports modeling of network topology, message flows, protocol behaviors and attacker behaviors. It also supports the specification of safety requirements as temporal logical formulae and typical security requirements as queries, and leverages on the existing verification tools for formal safety and security analysis via model transformations. We have implemented this framework in a prototype tool CMSS, and illustrated the capability of CMSS by using the 5G AKA initialization protocol as a case study.
Wang, Junchao, Pang, Jianmin, Shan, Zheng, Wei, Jin, Yao, Jinyang, Liu, Fudong.  2021.  A Software Diversity-Based Lab in Operating System for Cyber Security Students. 2021 IEEE 3rd International Conference on Computer Science and Educational Informatization (CSEI). :296—299.
The course of operating system's labs usually fall behind the state of art technology. In this paper, we propose a Software Diversity-Assisted Defense (SDAD) lab based on software diversity, mainly targeting for students majoring in cyber security and computer science. This lab is consisted of multiple modules and covers most of the important concepts and principles in operating systems. Thus, the knowledge learned from the theoretical course will be deepened with the lab. For students majoring in cyber security, they can learn this new software diversity-based defense technology and understand how an exploit works from the attacker's side. The experiment is also quite stretchable, which can fit all level students.
Zhang, Dayin, Chen, Xiaojun, Shi, Jinqiao, Wang, Dakui, Zeng, Shuai.  2021.  A Differential Privacy Collaborative Deep Learning Algorithm in Pervasive Edge Computing Environment. 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :347—354.

With the development of 5G technology and intelligent terminals, the future direction of the Industrial Internet of Things (IIoT) evolution is Pervasive Edge Computing (PEC). In the pervasive edge computing environment, intelligent terminals can perform calculations and data processing. By migrating part of the original cloud computing model's calculations to intelligent terminals, the intelligent terminal can complete model training without uploading local data to a remote server. Pervasive edge computing solves the problem of data islands and is also successfully applied in scenarios such as vehicle interconnection and video surveillance. However, pervasive edge computing is facing great security problems. Suppose the remote server is honest but curious. In that case, it can still design algorithms for the intelligent terminal to execute and infer sensitive content such as their identity data and private pictures through the information returned by the intelligent terminal. In this paper, we research the problem of honest but curious remote servers infringing intelligent terminal privacy and propose a differential privacy collaborative deep learning algorithm in the pervasive edge computing environment. We use a Gaussian mechanism that meets the differential privacy guarantee to add noise on the first layer of the neural network to protect the data of the intelligent terminal and use analytical moments accountant technology to track the cumulative privacy loss. Experiments show that with the Gaussian mechanism, the training data of intelligent terminals can be protected reduction inaccuracy.

Yuan, Rui, Wang, Xinna, Xu, Jiangmin, Meng, Shunmei.  2021.  A Differential-Privacy-based hybrid collaborative recommendation method with factorization and regression. 2021 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech). :389—396.
Recommender systems have been proved to be effective techniques to provide users with better experiences. However, when a recommender knows the user's preference characteristics or gets their sensitive information, then a series of privacy concerns are raised. A amount of solutions in the literature have been proposed to enhance privacy protection degree of recommender systems. Although the existing solutions have enhanced the protection, they led to a decrease in recommendation accuracy simultaneously. In this paper, we propose a security-aware hybrid recommendation method by combining the factorization and regression techniques. Specifically, the differential privacy mechanism is integrated into data pre-processing for data encryption. Firstly data are perturbed to satisfy differential privacy and transported to the recommender. Then the recommender calculates the aggregated data. However, applying differential privacy raises utility issues of low recommendation accuracy, meanwhile the use of a single model may cause overfitting. In order to tackle this challenge, we adopt a fusion prediction model by combining linear regression (LR) and matrix factorization (MF) for collaborative recommendation. With the MovieLens dataset, we evaluate the recommendation accuracy and regression of our recommender system and demonstrate that our system performs better than the existing recommender system under privacy requirement.
N, Praveena., Vivekanandan, K..  2021.  A Study on Shilling Attack Identification in SAN using Collaborative Filtering Method based Recommender Systems. 2021 International Conference on Computer Communication and Informatics (ICCCI). :1—5.
In Social Aware Network (SAN) model, the elementary actions focus on investigating the attributes and behaviors of the customer. This analysis of customer attributes facilitate in the design of highly active and improved protocols. In specific, the recommender systems are highly vulnerable to the shilling attack. The recommender system provides the solution to solve the issues like information overload. Collaborative filtering based recommender systems are susceptible to shilling attack known as profile injection attacks. In the shilling attack, the malicious users bias the output of the system's recommendations by adding the fake profiles. The attacker exploits the customer reviews, customer ratings and fake data for the processing of recommendation level. It is essential to detect the shilling attack in the network for sustaining the reliability and fairness of the recommender systems. This article reviews the most prominent issues and challenges of shilling attack. This paper presents the literature survey which is contributed in focusing of shilling attack and also describes the merits and demerits with its evaluation metrics like attack detection accuracy, precision and recall along with different datasets used for identifying the shilling attack in SAN network.
Zhuravchak, Danyil, Ustyianovych, Taras, Dudykevych, Valery, Venny, Bogdan, Ruda, Khrystyna.  2021.  Ransomware Prevention System Design based on File Symbolic Linking Honeypots. 2021 11th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS). 1:284–287.
The data-driven period produces more and more security-related challenges that even experts can hardly deal with. One of the most complex threats is ransomware, which is very taxing and devastating to detect and mainly prevent. Our research methods showed significant results in identifying ransomware processes using the honeypot concept augmented with symbolic linking to reduce damage made to the file system. The CIA (confidentiality, integrity, availability) metrics have been adhered to. We propose to optimize the malware process termination procedure and introduce an artificial intelligence-human collaboration to enhance ransomware classification and detection.