Wei TIAN,Xiao-hu YANG,Xiao-yao XIE

1999-01-01

Abstract:In this article,we present research work which is focused on the Electronic Taxation System and its network security on Internet.Through analysis of the procedures of taxation and considerations of some of the characteristics of the current pragmatic network security technologies,we proposed a security model of ETS with reference to the system on Internet.

Jing-yi WANG,Tian-chen ZHU,Jia-wei KANG,Bo LI

DOI: https://doi.org/10.12783/dtcse/cmee2017/20039

2018-01-01

DEStech Transactions on Computer Science and Engineering

Abstract:Facing the increasingly serious security problems in ICS, how to classify and generate threat intelligence effectively is of great importance in improving the safety of industrial control systems, helping them identify security threats and making corresponding preventions. In this paper, according to the classification of security events in the threat intelligence platform, we classify ICS security topic texts as information leakage, security vulnerabilities, network security, security suggestions, invasion, malware, or security events. Based on the OpenIOC framework, automatically analysis on the massive ICS security data can be done to generate the corresponding IOC file and obtain threat intelligence.

黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

Jiang Wei

DOI: https://doi.org/10.1109/isra.2012.6219182

2012-01-01

Abstract:With the rapid development of the Internet and information technology, attacks over the years have become both increasingly numerous and sophisticated. In order to understanding and defending against cyber attacks, it is necessary to understand the classes of attack. In this paper, we focus on computer and network attacks and survey a taxonomy of them.

Asha S.,Shanmugapriya D.

DOI: https://doi.org/10.1016/j.future.2024.04.033

IF: 7.307

2024-04-27

Future Generation Computer Systems

Abstract:In cybersecurity, one of the most significant challenges is an insider threat, in which existing researchers must provide an extensive solution aiming at an enhanced security network. This study proposes a comprehensive taxonomy as well as a state-of-the-art research categorization according to the contribution of insider threat incidents and the defensive mechanism utilized against such insiders. The major objective of a proposed categorization is to provide structural information in the field of insider threat based on past research theories for analyzing literature review. The proposed categorization is classified into four groups: (i) dataset analysis, (ii) incident analysis, (iii) defensive solution, and (iv) encountered challenges. However, the respective taxonomies and annotations are included for complete insight into insiders. i.e., existing studies on systematic taxonomy based on incidents of insider threats are presented. The major contribution of this study in the area of insider threat is to deliver the following knowledge to upcoming domain specific researchers: (i) taxonomy in an innovative systematic approach concerning the categories of incidents and determine the possible defensive mechanism against insiders. (ii) a study on available benchmark datasets used by existing research for evaluating the defensive mechanisms. (iii) a brief description of past solutions and frameworks to model insider behavior with the aim of studying existing defensive mechanisms, and (iv) a short discussion of challenges encountered by defensive solutions based on existing research in the area of insider threat.

computer science, theory & methods

George Grispos,William Bradley Glisson,Tim Storer

DOI: https://doi.org/10.48550/arXiv.1508.02526

2015-08-11

Abstract:Industrial reports indicate that security incidents continue to inflict large financial losses on organizations. Researchers and industrial analysts contend that there are fundamental problems with existing security incident response process solutions. This paper presents the Security Incident Response Criteria (SIRC) which can be applied to a variety of security incident response approaches. The criteria are derived from empirical data based on in-depth interviews conducted within a Global Fortune 500 organization and supporting literature. The research contribution of this paper is twofold. First, the criteria presented in this paper can be used to evaluate existing security incident response solutions and second, as a guide, to support future security incident response improvement initiatives.

Cryptography and Security,Computers and Society

杨峰,段海新,李星

DOI: https://doi.org/10.3969/j.issn.1000-3428.2003.20.005

2003-01-01

Abstract:This paper discusses the theory of incident response and an integrative definition, incident object description and exchange format based on XML, incident taxonomy. The lifecycle and state transition of incident and the cooperative transaction between IRT are proposed. Aiming at large scale network environments, a cooperative incident response system (CIRS) is designed, which implements cooperative incident response through efficient, secure information exchange among managers in different places. At the same time, the architecture of CIRS is described, as well as its five components.

Pushpinder Kaur Chouhan,Alfie Beard,Liming Chen

DOI: https://doi.org/10.48550/arXiv.2303.03070

2023-03-06

Abstract:The rapid expansion of the Internet of Things and the emergence of edge computing-based applications has led to a new wave of cyber-attacks, with intensity and complexity that has never been seen before. Historically most research has focused on Intrusion Detection Systems (IDS), however due to the volume and speed of this new generation of cyber-attacks it is no longer sufficient to solely detect attacks and leave the response to security analysts. Consequently, research into Intrusion Response Systems (IRS) is accelerating rapidly. As such, new intrusion response approaches, methods and systems have been investigated, prototyped, and deployed. This paper is intended to provide a comprehensive review of the state of the art of IRSs. Specifically, a taxonomy to characterize the lifecycle of IRSs ranging from response selection to response deployment and response implementation is presented. A 10-phase structure to organize the core technical constituents of IRSs is also presented. Following this, an extensive review and analysis of the literature on IRSs published during the past decade is provided, and further classifies them into corresponding phases based on the proposed taxonomy and phase structure. This study provides a new way of classifying IRS research, thus offering in-depth insights into the latest discoveries and findings. In addition, through critical analysis and comparison, expert views, guidance and best practices on intrusion response approaches, system development and standardization are presented, upon which future research challenges and directions are postulated.

Cryptography and Security

Ivan Homoliak,Flavio Toffalini,Juan Guarnizo,Yuval Elovici,Martín Ochoa

DOI: https://doi.org/10.48550/arXiv.1805.01612

2018-05-04

Cryptography and Security

Abstract:Insider threats are one of today's most challenging cybersecurity issues that are not well addressed by commonly employed security solutions. Despite several scientific works published in this domain, we argue that the field can benefit from the proposed structural taxonomy and novel categorization of research that contribute to the organization and disambiguation of insider threat incidents and the defense solutions used against them. The objective of our categorization is to systematize knowledge in insider threat research, while leveraging existing grounded theory method for rigorous literature review. The proposed categorization depicts the workflow among particular categories that include: 1) Incidents and datasets, 2) Analysis of attackers, 3) Simulations, and 4) Defense solutions. Special attention is paid to the definitions and taxonomies of the insider threat; we present a structural taxonomy of insider threat incidents, which is based on existing taxonomies and the 5W1H questions of the information gathering problem. Our survey will enhance researchers' efforts in the domain of insider threat, because it provides: a) a novel structural taxonomy that contributes to orthogonal classification of incidents and defining the scope of defense solutions employed against them, b) an updated overview on publicly available datasets that can be used to test new detection solutions against other works, c) references of existing case studies and frameworks modeling insiders' behaviors for the purpose of reviewing defense solutions or extending their coverage, and d) a discussion of existing trends and further research directions that can be used for reasoning in the insider threat domain.

Junwei Zhang,Huamin Feng,Biao Liu,Dongmei Zhao

DOI: https://doi.org/10.3390/s23052608

IF: 3.9

2023-02-27

Sensors

Abstract:Network security situation awareness (NSSA) is an integral part of cybersecurity defense, and it is essential for cybersecurity managers to respond to increasingly sophisticated cyber threats. Different from traditional security measures, NSSA can identify the behavior of various activities in the network and conduct intent understanding and impact assessment from a macro perspective so as to provide reasonable decision support, predicting the development trend of network security. It is a means to analyze the network security quantitatively. Although NSSA has received extensive attention and exploration, there is a lack of comprehensive reviews of the related technologies. This paper presents a state-of-the-art study on NSSA that can help bridge the current research status and future large-scale application. First, the paper provides a concise introduction to NSSA, highlighting its development process. Then, the paper focuses on the research progress of key technologies in recent years. We further discuss the classic use cases of NSSA. Finally, the survey details various challenges and potential research directions related to NSSA.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Vasileios Mavroeidis,Siri Bromander

DOI: https://doi.org/10.1109/EISIC.2017.20

2023-08-28

Abstract:Cyber threat intelligence is the provision of evidence-based knowledge about existing or emerging threats. Benefits from threat intelligence include increased situational awareness, efficiency in security operations, and improved prevention, detection, and response capabilities. To process, correlate, and analyze vast amounts of threat information and data and derive intelligence that can be shared and consumed in meaningful times, it is required to utilize structured, machine-readable formats that incorporate the industry-required expressivity while at the same time being unambiguous. To a large extent, this is achieved with technologies like ontologies, schemas, and taxonomies. This research evaluates the coverage and high-level conceptual expressivity of cyber-threat-intelligence-relevant ontologies, sharing standards, and taxonomies pertaining to the who, what, why, where, when, and how elements of threats and attacks in addition to courses of action and technical indicators. The results confirm that little emphasis has been given to developing a comprehensive cyber threat intelligence ontology, with existing efforts being not thoroughly designed, non-interoperable, ambiguous, and lacking proper semantics and axioms for reasoning.

Cryptography and Security

George Grispos,William Bradley Glisson,Tim Storer

DOI: https://doi.org/10.48550/arXiv.1901.03723

2019-01-12

Abstract:An increasing number of cybersecurity incidents prompts organizations to explore alternative security solutions, such as threat intelligence programs. For such programs to succeed, data needs to be collected, validated, and recorded in relevant datastores. One potential source supplying these datastores is an organization's security incident response team. However, researchers have argued that these teams focus more on eradication and recovery and less on providing feedback to enhance organizational security. This prompts the idea that data collected during security incident investigations may be of insufficient quality for threat intelligence analysis. While previous discussions focus on data quality issues from threat intelligence sharing perspectives, minimal research examines the data generated during incident response investigations. This paper presents the results of a case study identifying data quality challenges in a Fortune 500 organization's incident response team. Furthermore, the paper provides the foundation for future research regarding data quality concerns in security incident response.

Cryptography and Security,Computers and Society

Yue Zhang,Wang Zhao

DOI: https://doi.org/10.1109/icngn59831.2023.10396667

2023-01-01

Abstract:The rapid development of information technology has greatly improved the level of enterprise informatization. However, while providing a variety of services to users, there may also be security issues such as data breaches, denial of service attacks, and extortion attempts. To address the aforementioned issues and enhance the security of information systems, multiple security devices have implemented protective measures. However, relying solely on the configuration and construction of security facilities cannot fundamentally resolve network security issues. Therefore, an important challenge currently faced is how to quantitatively assess, evaluate, and guide security personnel to optimize the configuration of the network security system. This is a significant matter that requires careful consideration.Currently, most existing quantitative security evaluation schemes focus on assessing security risks, but the entire security protection system has not been utilized as an evaluation criterion, and its protective effectiveness has not been quantitatively evaluated. Simultaneously, establishing quantitative connections between security impact factors and the security protection system, linking the protection effectiveness of individual security devices to overall security protection effectiveness, and then optimizing and improving the protection effectiveness have become critical bottlenecks in measuring the protection effectiveness of the network security protection system.

I. Homoliak,J. Guarnizo,Martín Ochoa,Flavio Toffalini,Y. Elovici

Abstract:Insider threats are one of today’s most challenging cybersecurity issues that are not well addressed by commonly employed security solutions. Despite several scientific works published in this domain, we argue that the field can benefit from the proposed structural taxonomy and novel categorization of research that contribute to the organization and disambiguation of insider threat incidents and the defense solutions used against them. The objective of our categorization is to systematize knowledge in insider threat research, while leveraging existing grounded theory method for rigorous literature review. The proposed categorization depicts the workflow among particular categories that include: 1) Incidents and datasets, 2) Analysis of attackers, 3) Simulations, and 4) Defense solutions. Special attention is paid to the definitions and taxonomies of the insider threat; we present a structural taxonomy of insider threat incidents, which is based on existing taxonomies and the 5W1H questions of the information gathering problem. Our survey will enhance researchers’ efforts in the domain of insider threat, because it provides: a) a novel structural taxonomy that contributes to orthogonal classification of incidents and defining the scope of defense solutions employed against them, b) an updated overview on publicly available datasets that can be used to test new detection solutions against other works, c) references of existing case studies and frameworks modeling insiders’ behaviors for the purpose of reviewing defense solutions or extending their coverage, and d) a discussion of existing trends and further research directions that can be used for reasoning in the insider threat domain.

Computer Science,Law

Xiuzhen Chen,Qinghua Zheng,Xiaohong Guan,Chenguang Lin

DOI: https://doi.org/10.3321/j.issn:0253-987X.2004.04.019

2004-01-01

Abstract:Aiming at the deficiency that is unable to provide useful security situation information encountered in the cur2 rent security evaluation systems , a hierarchical and quantitative model , which is used to evaluate security situation of net2 worked systems , and its corresponding computation method are proposed based on the importance of service , host , and the structure of the network system. This model adopts the evaluation policy from bottom to top and from local to global , calculates the risk indexes of service , host and whole network system by weighting the importance of service and host based on the analysis of attack frequency and its severity , and further evaluates their security situation. Experiments on the HoneyNet dataset show that this system can evaluate the security situation in three levels : service , host and local area network system. It provides system administrators with system intuitive security situation curve and releases them from the exhausting task of alert analysis.

闫强,陈钟,段云所,唐礼勇

DOI: https://doi.org/10.3969/j.issn.1000-3428.2003.06.001

2003-01-01

Abstract:This paper reviews the history of information system security evaluation criteria, introduces criteria which have important effect on security evaluation such as TCSEC and CC, clarifies the evaluation method and its implementation model, and introduces recent researches of other countries in this field.

Yanli Liu,Meng Cui

DOI: https://doi.org/10.1007/978-3-030-51431-0_39

2020-07-24

Abstract:Since the new century, with the gradual popularization of computer networks around the world, network security defense methods have become more sophisticated and comprehensive, but they are still unable to defend against increasingly sophisticated and increasingly globalized virus attacks. In the process of network use and promotion, the influence of viruses on the network and hackers’ attacks have become an important factor threatening network security. Especially when people use the Internet to pay funds, remittances and other online financial activities, network security has become a constant topic. Establishing an efficient network security incident response system is of great significance for the network to better play its role. Based on the research of network security monitoring, network attack defense, network data backup and recovery theory and technology, this paper studies the strategy model of network security incident response, and uses relevant theories and methods of software engineering, combined with programming languages, to achieve Related application modules of this model. This article implements a low-cost, high-performance multi-data backup and recovery system that works in conjunction with other security devices and systems in the network. The overall structure and workflow are analyzed and designed to achieve multi-point backup and Fast recovery, efficient synchronization strategy for remote data, etc. The experimental research found that the network security incident response system can effectively reduce the security risk of the internal network, with a security proportion of more than 92%.

Weiwu Ren,Liang Hu,Kuo Zhao,Bing Jia

DOI: https://doi.org/10.4028/www.scientific.net/amr.694-697.2466

2013-01-01

Advanced Materials Research

Abstract:Semantic modeling has become indispensable to integrate various specific security issues of Internet of Things. How to describe attack scenarios and how to define an intrusion unambiguously has been an urgent problem. For solving two above problems, a new three-level information security ontology model is proposed, which is an initial attempt to solve security issues by means of ontology technology. Five top classes are proposed in the domain ontology level. Then their subclasses are also proposed on the basis of actual scenarios in the local ontology level. Our intelligent laboratory, as experiment scenarios, is partly instantiated.

Wen-Lung Shiau,Xiaoqun Wang,Fei Zheng

DOI: https://doi.org/10.1016/j.im.2023.103774

2023-02-17

Abstract:Information technology brings business success opportunities, but also causes potential safety hazards to organizations. In response to the increasing academia and industry concerns regarding information security (ISec), this study systematically explored extant ISec research and identified eight core knowledge groups, including (1) intrusion detection, (2) privacy protection, (3) secure machine learning, (4) cryptosystem, (5) data service security, (6) malware analysis, (7) security decision-making, and (8) security management. The detection of research hotspots shows that data service security and risk management garner the most current research attention. Furthermore, we establish a comprehensive ISec framework to help systematically understand and achieve ISec.

information science & library science,management,computer science, information systems

Yuchong Li,Qinghui Liu

DOI: https://doi.org/10.1016/j.egyr.2021.08.126

IF: 5.2

2021-11-01

Energy Reports

Abstract:At present, most of the economic, commercial, cultural, social and governmental activities and interactions of countries, at all levels, including individuals, non-governmental organizations and government and governmental institutions, are carried out in cyberspace. Recently, many private companies and government organizations around the world are facing the problem of cyber-attacks and the danger of wireless communication technologies. Today’s world is highly dependent on electronic technology, and protecting this data from cyber-attacks is a challenging issue. The purpose of cyber-attacks is to harm companies financially. In some other cases, cyber-attacks can have military or political purposes. Some of these damages are: PC viruses, knowledge breaks, data distribution service (DDS) and other assault vectors. To this end, various organizations use various solutions to prevent damage caused by cyber-attacks. Cyber security follows real-time information on the latest IT data. So far, various methods had been proposed by researchers around the world to prevent cyber-attacks or reduce the damage caused by them. Some of the methods are in the operational phase and others are in the study phase. The aim of this study is to survey and comprehensively review the standard advances presented in the field of cyber security and to investigate the challenges, weaknesses and strengths of the proposed methods. Different types of new descendant attacks are considered in details. Standard security frameworks are discussed with the history and early-generation cyber-security methods. In addition, emerging trends and recent developments of cyber security and security threats and challenges are presented. It is expected that the comprehensive review study presented for IT and cyber security researchers will be useful.

energy & fuels