Visible to the public Biblio

Filters: Keyword is Business  [Clear All Filters]
Islam, Md Rofiqul, Cerny, Tomas.  2021.  Business Process Extraction Using Static Analysis. 2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE). :1202–1204.
Business process mining of a large-scale project has many benefits such as finding vulnerabilities, improving processes, collecting data for data science, generating more clear and simple representation, etc. The general way of process mining is to turn event data such as application logs into insights and actions. Observing logs broad enough to depict the whole business logic scenario of a large project can become very costly due to difficult environment setup, unavailability of users, presence of not reachable or hardly reachable log statements, etc. Using static source code analysis to extract logs and arranging them perfect runtime execution order is a potential way to solve the problem and reduce the business process mining operation cost.
Goman, Maksim.  2021.  How to Improve Risk Management in IT Frameworks. 2021 62nd International Scientific Conference on Information Technology and Management Science of Riga Technical University (ITMS). :1—6.
This paper continues analysis of approaches of IT risk assessment and management in modern IT management frameworks. Building on systematicity principles and the review of concepts of risk and methods of risk analysis in the frameworks, we discuss applicability of the methods for business decision-making in the real world and propose ways to their improvement.
Li, Zhihong.  2021.  Remolding of the Supply Chain Development Mode Based on the Block Chain Technology. 2021 International Conference on Computer, Blockchain and Financial Development (CBFD). :392—395.

The supply chain has been much developed with the internet technology being used in the business world. Some issues are becoming more and more evident than before in the course of the fast evolution of the supply chain. Among these issues, the remarkable problems include low efficiency of communication, insufficient operational outcomes and lack of the credit among the participants in the whole chain. The main reasons to cause these problems lie in the isolated information unable to be traced and in the unclear responsibility, etc. In recent years, the block chain technology has been growing fast. Being decentralized, traceable and unable to be distorted, the block chain technology is well suitable for solving the problems existing in the supply chain. Therefore, the paper first exposes the traditional supply chain mode and the actual situation of the supply chain management. Then it explains the block chain technology and explores the application & effects of the block chain technology in the traditional supply chain. Next, a supply chain style is designed on the base of the block chain technology. Finally the potential benefits of the remolded supply chain are foreseen if it is applied in the business field.

Hong, TingYi, Kolios, Athanasios.  2020.  A Framework for Risk Management of Large-Scale Organisation Supply Chains. 2020 International Conference on Decision Aid Sciences and Application (DASA). :948—953.
This paper establishes a novel approach to supply chain risk management (SCRM), through establishing a risk assessment framework addressing the importance of SCRM and supply chain visibility (SCV). Through a quantitative assessment and empirical evidence, the paper also discusses the specific risks within the manufacturing industry. Based on survey data collected and a case study from Asia, the paper finds that supplier delays and poor product quality can be considered as prevailing risks relevant to the manufacturing industry. However, as supply chain risks are inter-related, one must increase supply chain visibility to fully consider risk causes that ultimately lead to the risk effects. The framework established can be applied to different industries with the view to inform organisations on prevailing risks and prompt motivate improvement in supply chain visibility, thereby, modify risk management strategies. Through suggesting possible risk sources, organisations can adopt proactive risk mitigation strategies so as to more efficiently manage their exposure.
Andes, Neil, Wei, Mingkui.  2020.  District Ransomware: Static and Dynamic Analysis. 2020 8th International Symposium on Digital Forensics and Security (ISDFS). :1–6.
Ransomware is one of the fastest growing threats to internet security. New Ransomware attacks happen around the globe, on a weekly basis. These attacks happen to individual users and groups, from almost any type of business. Many of these attacks involve Ransomware as a service, where one attacker creates a template Malware, which can be purchased and modified by other attackers to perform specific actions. The District Ransomware was a less well-known strain. This work focuses on statically and dynamically analyzing the District Ransomware and presenting the results.
Abu Othman, Noor Ashitah, Norman, Azah Anir, Mat Kiah, Miss Laiha.  2021.  Information System Audit for Mobile Device Security Assessment. 2021 3rd International Cyber Resilience Conference (CRC). :1—6.
The competency to use mobile devices for work-related tasks gives advantages to the company productiveness and expedites business processes. Thus Bring Your Own Device (BYOD) setting emerge to enable work flexibility and technological compatibility. For management, employees’ productivity is important, but they could not jeopardise the security of information and data stored in the corporate network. Securing data and network becomes more complex tasks as it deals with foreign devices, i.e., devices that do not belong to the organisation. With much research focused on pre-implementation and the technical aspects of mobile device usage, post-implementation advancement is receiving less attention. IS audit as one of the post-implementation mechanisms provides performance evaluation of existing IS assets, business operations and process implementation, thus helping management formulating the best strategies in optimising IS practices. This paper discusses the feasibility of IS audit in assessing mobile device security by exploring the risks and vulnerabilities of mobile devices for organisational IS security as well as the perception of Information system management in mobile device security. By analysing related literature, authors pointed out how the references used in the current IS audit research address the mobile device security. This work serves a significant foundation in the future development in mobile device audit.
Lin, Junxiong, Xu, Yajing, Lu, Zhihui, Wu, Jie, Ye, Houhao, Huang, Wenbing, Chen, Xuzhao.  2021.  A Blockchain-Based Evidential and Secure Bulk-Commodity Supervisory System. 2021 International Conference on Service Science (ICSS). :1–6.
In recent years, the commodities industry has grown rapidly under the stimulus of domestic demand and the expansion of cross-border trade. It has also been combined with the rapid development of e-commerce technology in the same period to form a flexible and efficient e-commerce system for bulk commodities. However, the hasty combination of both has inspired a lack of effective regulatory measures in the bulk industry, leading to constant industry chaos. Among them, the problem of lagging evidence in regulatory platforms is particularly prominent. Based on this, we design a blockchain-based evidential and secure bulk-commodity supervisory system (abbr. BeBus). Setting different privacy protection policies for each participant in the system, the solution ensures effective forensics and tamper-proof evidence to meet the needs of the bulk business scenario.
Chiu, Chih-Chieh, Tsai, Pang-Wei, Yang, Chu-Sing.  2021.  PIDS: An Essential Personal Information Detection System for Small Business Enterprise. 2021 International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME). :01–06.
Since the personal data protection law is on the way of many countries, how to use data mining method to secure sensitive information has become a challenge for enterprises. To make sure every employee follows company's data protection strategy, it may take lots of time and cost to seek and scan thousands of folders and files in user equipment, ensuring that the file contents meet IT security policies. Hence, this paper proposed a lightweight, pattern-based detection system, PIDS, which is expecting to enable an affordable data leakage prevention with essential cost and high efficiency in small business enterprise. For verification and evaluation, PIDS has been deployed on more than 100,000 PCs of collaboration enterprises, and the feedback shows that the system is able to approach its original design functionality for finding violated or sensitive contents efficiently.
Xiaojian, Zhang, Liandong, Chen, Jie, Fan, Xiangqun, Wang, Qi, Wang.  2021.  Power IoT Security Protection Architecture Based on Zero Trust Framework. 2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP). :166–170.
The construction of the power Internet of Things has led various terminals to access the corporate network on a large scale. The internal and external business interaction and data exchange are more extensive. The current security protection system is based on border isolation protection. This is difficult to meet the needs of the power Internet of Things connection and open shared services. This paper studies the application scheme of the ``zero trust'' typical business scenario of the power Internet of Things with ``Continuous Identity Authentication and Dynamic Access Control'' as the core, and designs the power internet security protection architecture based on zero trust.
Baker, Oras, Thien, Chuong Nguyen.  2020.  A New Approach to Use Big Data Tools to Substitute Unstructured Data Warehouse. 2020 IEEE Conference on Big Data and Analytics (ICBDA). :26–31.
Data warehouse and big data have become the trend to help organise data effectively. Business data are originating in various kinds of sources with different forms from conventional structured data to unstructured data, it is the input for producing useful information essential for business sustainability. This research will navigate through the complicated designs of the common big data and data warehousing technologies to propose an effective approach to use these technologies for designing and building an unstructured textual data warehouse, a crucial and essential tool for most enterprises nowadays for decision making and gaining business competitive advantages. In this research, we utilised the IBM BigInsights Text Analytics, PostgreSQL, and Pentaho tools, an unstructured data warehouse is implemented and worked excellently with the unstructured text from Amazon review datasets, the new proposed approach creates a practical solution for building an unstructured data warehouse.
Franco, Muriel Figueredo, Rodrigues, Bruno, Scheid, Eder John, Jacobs, Arthur, Killer, Christian, Granville, Lisandro Zambenedetti, Stiller, Burkhard.  2020.  SecBot: a Business-Driven Conversational Agent for Cybersecurity Planning and Management. 2020 16th International Conference on Network and Service Management (CNSM). :1–7.
Businesses were moving during the past decades to-ward full digital models, which made companies face new threats and cyberattacks affecting their services and, consequently, their profits. To avoid negative impacts, companies' investments in cybersecurity are increasing considerably. However, Small and Medium-sized Enterprises (SMEs) operate on small budgets, minimal technical expertise, and few personnel to address cybersecurity threats. In order to address such challenges, it is essential to promote novel approaches that can intuitively present cybersecurity-related technical information.This paper introduces SecBot, a cybersecurity-driven conversational agent (i.e., chatbot) for the support of cybersecurity planning and management. SecBot applies concepts of neural networks and Natural Language Processing (NLP), to interact and extract information from a conversation. SecBot can (a) identify cyberattacks based on related symptoms, (b) indicate solutions and configurations according to business demands, and (c) provide insightful information for the decision on cybersecurity investments and risks. A formal description had been developed to describe states, transitions, a language, and a Proof-of-Concept (PoC) implementation. A case study and a performance evaluation were conducted to provide evidence of the proposed solution's feasibility and accuracy.
Xia, Shaoxian, Wang, Zheng, Hou, Zhanbin, Ye, Hongshu, Xue, Binbin, Wang, Shouzhi, Zhang, Xuecheng, Yang, Kewen.  2020.  Design of Quantum Key Fusion Model for Power Multi-terminal. 2020 IEEE 3rd International Conference on Information Systems and Computer Aided Education (ICISCAE). :196—199.
With the construction of State Grid informatization, professional data such as operation inspection, marketing, and regulation have gradually shifted from offline to online. In recent years, cyberspace security incidents have occurred frequently, and national and group cybersecurity threats have emerged. As the next-generation communication system, quantum security has to satisfy the security requirements. Also, it is especially important to build the fusion application of energy network quantum private communication technology and conventional network, and to form a safe and reliable quantum-level communication technology solution suitable for the power grid. In this paper, from the perspective of the multi-terminal quantum key application, combined with a mature electricity consumption information collection system, a handheld meter reading solution based on quantum private communication technology is proposed to effectively integrate the two and achieve technological upgrading. First, from the technical theory and application fields, the current situation of quantum private communication technology and its feasibility of combining with classical facilities are introduced and analyzed. Then, the hardware security module and handheld meter reading terminal equipment are taken as typical examples to design and realize quantum key shared storage, business security process application model; finally, based on the overall environment of quantum key distribution, the architecture design of multi-terminal quantum key application verification is implemented to verify the quantum key business application process.
Nooh, Sameer A..  2020.  Cloud Cryptography: User End Encryption. 2020 International Conference on Computing and Information Technology (ICCIT-1441). :1—4.
Cloud computing has made the life of individual users and work of business corporations so much easier by providing them data storage services at very low costs. Individual users can store and access their data through shared cloud storage service anywhere anytime. Similarly, business corporation consumers of cloud computing can store, manage, process and access their big data with quite an ease. However, the security and privacy of users' data remains vulnerable in cloud computing Availability, integrity and confidentiality are the three primary elements that users consider before signing up for cloud computing services. Many public and private cloud services have experienced security breaches and unauthorized access incidents. This paper suggests user end cryptography of data before uploading it to a cloud storage service platform like Google Drive, Microsoft, Amazon and CloudSim etc. The proposed cryptography algorithm is based on symmetric key cryptography model and has been implemented on Amazon S3 cloud space service.
Maalla, Allam.  2020.  Research on Data Transmission Security Architecture Design and Process. 2020 IEEE International Conference on Information Technology,Big Data and Artificial Intelligence (ICIBA). 1:1195—1199.
With the development of business, management companies are currently facing a series of problems and challenges in terms of resource allocation and task management. In terms of the technical route, this research will use cloud services to implement the public honesty system, and carry out secondary development and interface development on this basis, the architecture design and the formulation of the process are realized for various types, relying on the support of the knowledge base and case library, through the system intelligent configuration corresponding work instructions, safety work instructions, case references and other reference information to the existing work plan to provide managers Reference; managers can configure and adjust the work content by themselves through specific requirements to efficiently and flexibly adapt to the work content.
Liu, Zhibin, Liu, Ziang, Huang, Yuanyuan, Liu, Xin, Zhou, Xiaokang, Zhou, Rui.  2020.  A Research of Distributed Security and QoS Testing Framework. 2020 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech). :174—181.
Since the birth of the Internet, the quality of network service has been a widespread concerned problem. With the continuous development of communication and information technology, people gradually realized that the contradiction between the limited resources and the business requirements of network cannot be fundamentally solved. In this paper, we design and develop a distributed security quality of service testing framework called AweQoS(AwesomeQoS), to adapt to the current complex network environment. This paper puts forward the necessity that some security tests should be closely combined with quality of service testing, and further discusses the basic methods of distributed denial of service attack and defense. We introduce the design idea and working process of AweQoS in detail, and introduce a bandwidth test method based on user datagram protocol. Experimental results show that this new test method has better test performance and potential under the AweQoS framework.
Singh, Sukhpreet, Jagdev, Gagandeep.  2020.  Execution of Big Data Analytics in Automotive Industry using Hortonworks Sandbox. 2020 Indo – Taiwan 2nd International Conference on Computing, Analytics and Networks (Indo-Taiwan ICAN). :158—163.

The market landscape has undergone dramatic change because of globalization, shifting marketing conditions, cost pressure, increased competition, and volatility. Transforming the operation of businesses has been possible because of the astonishing speed at which technology has witnessed the change. The automotive industry is on the edge of a revolution. The increased customer expectations, changing ownership, self-driving vehicles and much more have led to the transformation of automobiles, applications, and services from artificial intelligence, sensors, RFID to big data analysis. Large automobiles industries have been emphasizing the collection of data to gain insight into customer's expectations, preferences, and budgets alongside competitor's policies. Statistical methods can be applied to historical data, which has been gathered from various authentic sources and can be used to identify the impact of fixed and variable marketing investments and support automakers to come up with a more effective, precise, and efficient approach to target customers. Proper analysis of supply chain data can disclose the weak links in the chain enabling to adopt timely countermeasures to minimize the adverse effects. In order to fully gain benefit from analytics, the collaboration of a detailed set of capabilities responsible for intersecting and integrating with multiple functions and teams across the business is required. The effective role played by big data analysis in the automobile industry has also been expanded in the research paper. The research paper discusses the scope and challenges of big data. The paper also elaborates on the working technology behind the concept of big data. The paper illustrates the working of MapReduce technology that executes in the back end and is responsible for performing data mining.

Zhao, Bushi, Zhang, Hao, Luo, Yixi.  2020.  Automatic Error Correction Technology for the Same Field in the Same Kind of Power Equipment Account Data. 2020 IEEE 3rd International Conference of Safe Production and Informatization (IICSPI). :153—157.
Account data of electrical power system is the link of all businesses in the whole life cycle of equipment. It is of great significance to improve the data quality of power equipment account data for improving the information level of power enterprises. In the past, there was only the error correction technology to check whether it was empty and whether it contained garbled code. The error correction technology for same field of the same kind of power equipment account data is proposed in this paper. Combined with the characteristics of production business, the possible similar power equipment can be found through the function location type and other fields of power equipment account data. Based on the principle of search scoring, the horizontal comparison is used to search and score in turn. Finally, the potential spare parts and existing data quality are identified according to the scores. And judge whether it is necessary to carry out inspection maintenance.
Zhou, X..  2020.  Improvement of information System Audit to Deal With Network Information Security. 2020 International Conference on Communications, Information System and Computer Engineering (CISCE). :93–96.
With the rapid development of information technology and the increasing popularity of information and communication technology, the information age has come. Enterprises must adapt to changes in the times, introduce network and computer technologies in a timely manner, and establish more efficient and reasonable information systems and platforms. Large-scale information system construction is inseparable from related audit work, and network security risks have become an important part of information system audit concerns. This paper analyzes the objectives and contents of information system audits under the background of network information security through theoretical analysis, and on this basis, proposes how the IS audit work will be carried out.
Ashiku, L., Dagli, C..  2020.  Agent Based Cybersecurity Model for Business Entity Risk Assessment. 2020 IEEE International Symposium on Systems Engineering (ISSE). :1—6.

Computer networks and surging advancements of innovative information technology construct a critical infrastructure for network transactions of business entities. Information exchange and data access though such infrastructure is scrutinized by adversaries for vulnerabilities that lead to cyber-attacks. This paper presents an agent-based system modelling to conceptualize and extract explicit and latent structure of the complex enterprise systems as well as human interactions within the system to determine common vulnerabilities of the entity. The model captures emergent behavior resulting from interactions of multiple network agents including the number of workstations, regular, administrator and third-party users, external and internal attacks, defense mechanisms for the network setting, and many other parameters. A risk-based approach to modelling cybersecurity of a business entity is utilized to derive the rate of attacks. A neural network model will generalize the type of attack based on network traffic features allowing dynamic state changes. Rules of engagement to generate self-organizing behavior will be leveraged to appoint a defense mechanism suitable for the attack-state of the model. The effectiveness of the model will be depicted by time-state chart that shows the number of affected assets for the different types of attacks triggered by the entity risk and the time it takes to revert into normal state. The model will also associate a relevant cost per incident occurrence that derives the need for enhancement of security solutions.

Aigner, A., Khelil, A..  2020.  An Effective Semantic Security Metric for Industrial Cyber-Physical Systems. 2020 IEEE Conference on Industrial Cyberphysical Systems (ICPS). 1:87—92.

The emergence of Industrial Cyber-Physical Systems (ICPS) in today's business world is still steadily progressing to new dimensions. Although they bring many new advantages to business processes and enable automation and a wider range of service capability, they also propose a variety of new challenges. One major challenge, which is introduced by such System-of-Systems (SoS), lies in the security aspect. As security may not have had that significant role in traditional embedded system engineering, a generic way to measure the level of security within an ICPS would provide a significant benefit for system engineers and involved stakeholders. Even though many security metrics and frameworks exist, most of them insufficiently consider an SoS context and the challenges of such environments. Therefore, we aim to define a security metric for ICPS, which measures the level of security during the system design, tests, and integration as well as at runtime. For this, we try to focus on a semantic point of view, which on one hand has not been considered in security metric definitions yet, and on the other hand allows us to handle the complexity of SoS architectures. Furthermore, our approach allows combining the critical characteristics of an ICPS, like uncertainty, required reliability, multi-criticality and safety aspects.

Xu, P., Chen, L., Jiang, Y., Sun, Q., Chen, H..  2020.  Research on Sensitivity Audit Scheme of Encrypted Data in Power Business. 2020 IEEE International Conference on Energy Internet (ICEI). :6–10.

With the rapid progress of informatization construction in power business, data resource has become the basic strategic resource of the power industry and innovative element in power production. The security protection of data in power business is particularly important in the informatization construction of power business. In order to implement data security protection, transparent encryption is one of the fifteen key technical standards in the Construction Guideline of the Standard Network Data Security System. However, data storage in the encrypted state is bound to affect the security audit of data to a certain extent. Based on this problem, this paper proposes a scheme to audit the sensitivity of the power business data under the protection of encryption to achieve an efficient sensitivity audit of ciphertext data with the premise of not revealing the decryption key or data information. Through a security demonstration, this paper fully proves that this solution is secure under the known plaintext attacks.

Chai, W. K., Pavlou, G., Kamel, G., Katsaros, K. V., Wang, N..  2019.  A Distributed Interdomain Control System for Information-Centric Content Delivery. IEEE Systems Journal. 13:1568–1579.
The Internet, the de facto platform for large-scale content distribution, suffers from two issues that limit its manageability, efficiency, and evolution. First, the IP-based Internet is host-centric and agnostic to the content being delivered and, second, the tight coupling of the control and data planes restrict its manageability, and subsequently the possibility to create dynamic alternative paths for efficient content delivery. Here, we present the CURLING system that leverages the emerging Information-Centric Networking paradigm for enabling cost-efficient Internet-scale content delivery by exploiting multicasting and in-network caching. Following the software-defined networking concept that decouples the control and data planes, CURLING adopts an interdomain hop-by-hop content resolution mechanism that allows network operators to dynamically enforce/change their network policies in locating content sources and optimizing content delivery paths. Content publishers and consumers may also control content access according to their preferences. Based on both analytical modeling and simulations using real domain-level Internet subtopologies, we demonstrate how CURLING supports efficient Internet-scale content delivery without the necessity for radical changes to the current Internet.
Zhu, L., Dong, H., Shen, M., Gai, K..  2019.  An Incentive Mechanism Using Shapley Value for Blockchain-Based Medical Data Sharing. 2019 IEEE 5th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS). :113–118.
With the development of big data and machine learning techniques, medical data sharing for the use of disease diagnosis has received considerable attention. Blockchain, as an emerging technology, has been widely used to resolve the efficiency and security issues in medical data sharing. However, the existing studies on blockchain-based medical data sharing have rarely concerned about the reasonable incentive mechanism. In this paper, we propose a cooperation model where medical data is shared via blockchain. We derive the topological relationships among the participants consisting of data owners, miners and third parties, and gradually develop the computational process of Shapley value revenue distribution. Specifically, we explore the revenue distribution under different consensuses of blockchain. Finally, we demonstrate the incentive effect and rationality of the proposed solution by analyzing the revenue distribution.
Zaman, M., Sengupta, A., Liu, D., Sinanoglu, O., Makris, Y., Rajendran, J. J. V..  2018.  Towards provably-secure performance locking. 2018 Design, Automation Test in Europe Conference Exhibition (DATE). :1592–1597.
Locking the functionality of an integrated circuit (IC) thwarts attacks such as intellectual property (IP) piracy, hardware Trojans, overbuilding, and counterfeiting. Although functional locking has been extensively investigated, locking the performance of an IC has been little explored. In this paper, we develop provably-secure performance locking, where only on applying the correct key the IC shows superior performance; for an incorrect key, the performance of the IC degrades significantly. This leads to a new business model, where the companies can design a single IC capable of different performances for different users. We develop mathematical definitions of security and theoretically, and experimentally prove the security against the state-of-the-art-attacks. We implemented performance locking on a FabScalar microprocessor, achieving a degradation in instructions per clock cycle (IPC) of up to 77% on applying an incorrect key, with an overhead of 0.6%, 0.2%, and 0% for area, power, and delay, respectively.
Dai, J..  2018.  Situation Awareness-Oriented Cybersecurity Education. 2018 IEEE Frontiers in Education Conference (FIE). :1—8.

This Research to Practice Full Paper presents a new methodology in cybersecurity education. In the context of the cybersecurity profession, the `isolation problem' refers to the observed isolation of different knowledge units, as well as the isolation of technical and business perspectives. Due to limitations in existing cybersecurity education, professionals entering the field are often trapped in microscopic perspectives, and struggle to extend their findings to grasp the big picture in a target network scenario. Guided by a previous developed and published framework named “cross-layer situation knowledge reference model” (SKRM), which delivers comprehensive level big picture situation awareness, our new methodology targets at developing suites of teaching modules to address the above issues. The modules, featuring interactive hands-on labs that emulate real-world multiple-step attacks, will help students form a knowledge network instead of isolated conceptual knowledge units. Students will not just be required to leverage various techniques/tools to analyze breakpoints and complete individual modules; they will be required to connect logically the outputs of these techniques/tools to infer the ground truth and gain big picture awareness of the cyber situation. The modules will be able to be used separately or as a whole in a typical network security course.