E-commerce is a very active field of Internet research. A very important aspect of e-commerce is its security. Because of the variety of e-commerce applications, many security policies, protocols and techniques are in...E-commerce is a very active field of Internet research. A very important aspect of e-commerce is its security. Because of the variety of e-commerce applications, many security policies, protocols and techniques are involved in the deployment of the security. The related standards and protocols of e-commerce are studied in this paper. The general model of e-commerce security is set forth. In this model, two most important e-commerce protocols including secure sockets layer (SSL) and secure electronic transaction (SET) are analyzed. The open problems and new trends of e-commerce security are presented.展开更多
In today' s 21st century of IT, e-commerce began to develop rapidly. Among them, in the process of e-commerce implementation, it is mainly to ensure system security issues. Based primarily on this issue, we discussed...In today' s 21st century of IT, e-commerce began to develop rapidly. Among them, in the process of e-commerce implementation, it is mainly to ensure system security issues. Based primarily on this issue, we discussed issues related to certification systems, SSL protocol as well as SET protocol. In addition, the article also describes the business several other safety-related technology.展开更多
Taking the cooperation between China and Pakistan as an example,this paper expounds on the current situation,governance concept,obstacles to cooperation,and differentiated policies of Western countries in the areas of...Taking the cooperation between China and Pakistan as an example,this paper expounds on the current situation,governance concept,obstacles to cooperation,and differentiated policies of Western countries in the areas of cybersecurity,the role of new e-commerce platforms,and digital sovereignty of BRICS countries.It aims to promote inter-governmental cooperation through civil dialogue and lead information technology cooperation among developing countries through the BRICS mechanism,as well as to collaborate to establish guidelines for global cybersecurity,new e-commerce platforms,and digital sovereignty.展开更多
The security of mobile agent directly decides its usage width in e-commerce. Especially, to protect users' private information is becoming more important now and future. So an anonymous mobile agent security mechanis...The security of mobile agent directly decides its usage width in e-commerce. Especially, to protect users' private information is becoming more important now and future. So an anonymous mobile agent security mechanism with the secure authentication infrastructure based on PKI (public key infrastructure) is proposed in the paper. The multi-agent system is programmed by java language and every agent must register itself in CA (certificate authority) before working in the net and express his legit identity which is temptly produced and used only once. The CA ensures the legal of all agents' identity which take part in communicaiton or trade. And every user agent identity only is used once which makes other agents cannot decipher users' private information. The security mechanism of the multi-agent system implements anonymity, integrity, data confidentiality of mobile agent based on the MH(multiple hop) integrity protection regard to PKI limit.展开更多
Andrew Wangota,a 48-year-old Ugandan farmer,has been using agrivoltaics technology,a solar technology that uses agricultural land for both food production and solar power generation,on his farm in Bunashimolo Parish,B...Andrew Wangota,a 48-year-old Ugandan farmer,has been using agrivoltaics technology,a solar technology that uses agricultural land for both food production and solar power generation,on his farm in Bunashimolo Parish,Bukyiende Subcounty in Uganda where he has been cultivating plantain,coffee and Irish potatoes for the past 16 years.展开更多
The rapid digitalization of urban infrastructure has made smart cities increasingly vulnerable to sophisticated cyber threats.In the evolving landscape of cybersecurity,the efficacy of Intrusion Detection Systems(IDS)...The rapid digitalization of urban infrastructure has made smart cities increasingly vulnerable to sophisticated cyber threats.In the evolving landscape of cybersecurity,the efficacy of Intrusion Detection Systems(IDS)is increasingly measured by technical performance,operational usability,and adaptability.This study introduces and rigorously evaluates a Human-Computer Interaction(HCI)-Integrated IDS with the utilization of Convolutional Neural Network(CNN),CNN-Long Short Term Memory(LSTM),and Random Forest(RF)against both a Baseline Machine Learning(ML)and a Traditional IDS model,through an extensive experimental framework encompassing many performance metrics,including detection latency,accuracy,alert prioritization,classification errors,system throughput,usability,ROC-AUC,precision-recall,confusion matrix analysis,and statistical accuracy measures.Our findings consistently demonstrate the superiority of the HCI-Integrated approach utilizing three major datasets(CICIDS 2017,KDD Cup 1999,and UNSW-NB15).Experimental results indicate that the HCI-Integrated model outperforms its counterparts,achieving an AUC-ROC of 0.99,a precision of 0.93,and a recall of 0.96,while maintaining the lowest false positive rate(0.03)and the fastest detection time(~1.5 s).These findings validate the efficacy of incorporating HCI to enhance anomaly detection capabilities,improve responsiveness,and reduce alert fatigue in critical smart city applications.It achieves markedly lower detection times,higher accuracy across all threat categories,reduced false positive and false negative rates,and enhanced system throughput under concurrent load conditions.The HCIIntegrated IDS excels in alert contextualization and prioritization,offering more actionable insights while minimizing analyst fatigue.Usability feedback underscores increased analyst confidence and operational clarity,reinforcing the importance of user-centered design.These results collectively position the HCI-Integrated IDS as a highly effective,scalable,and human-aligned solution for modern threat detection environments.展开更多
Security practices such as Audits that often focus on penetration testing are performed to find flaws in some types of vulnerability & use tools, which have been tailored to resolve certain risks based on code err...Security practices such as Audits that often focus on penetration testing are performed to find flaws in some types of vulnerability & use tools, which have been tailored to resolve certain risks based on code errors, code conceptual <span style="font-family:Verdana;">assumptions bugs</span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">,</span></span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;"> etc. Most existing security practices in e-Commerce are</span></span></span><span><span><span style="font-family:;" "=""><span style="font-family:Verdana;"> dealt with as an auditing activity. They may have policies of security, which are enforced by auditors who enable a particular set of items to be reviewed, but </span><span style="font-family:Verdana;">also fail to find vulnerabilities, which have been established in complianc</span><span style="font-family:Verdana;">e </span><span style="font-family:Verdana;">with application logic. In this paper, we will investigate the problem of business</span><span style="font-family:Verdana;"> logic vulnerability in the component-based rapid development of e-commerce applications while reusing design specification of component. We propose secure application functional processing Logic Security technique for compo</span><span style="font-family:Verdana;">nent-based e-commerce application, based on security requirement of</span><span style="font-family:Verdana;"> e-business </span><span style="font-family:Verdana;">process and security assurance logical component behaviour specification</span><span style="font-family:Verdana;"> ap</span><span style="font-family:Verdana;">proach to formulize and design a solution for business logic vulnerability</span><span style="font-family:Verdana;"> phenomena.</span></span></span></span>展开更多
The rise of electronic commerce has broken the traditional trading mode, changed people' s production and life, has gradually become an important factor of regional economic development. The paper comprehensively dis...The rise of electronic commerce has broken the traditional trading mode, changed people' s production and life, has gradually become an important factor of regional economic development. The paper comprehensively discuss on present situation and characteristics of electronic commerce development in our country, on basis of it, the paper analyze electronic commerce major impact on regional economic development, and put forward to strengthen the development of e-commerce related strategies to promote regional economic development role.展开更多
Electronic Commerce (E-Commerce) was created to help expand the market share network through the internet without the boundaries of space and time. However, behind all the benefits obtained, E-Commerce also raises the...Electronic Commerce (E-Commerce) was created to help expand the market share network through the internet without the boundaries of space and time. However, behind all the benefits obtained, E-Commerce also raises the issue of consumer concerns about the responsibility for personal data that has been recorded and collected by E-Commerce companies. The personal data is in the form of consumer identity names, passwords, debit and credit card numbers, conversations in email, as well as information related to consumer requests. In Indonesia, cyber attacks have occurred several times against 3 major E-Commerce companies in Indonesia. In 2019, users’ personal data in the form of email addresses, telephone numbers, and residential addresses were sold on the deep web at Bukalapak and Tokopedia. Even though E-Commerce affected by the cyber attack already has a Computer Security Incident Response Team (CSIRT) by recruiting various security engineers, both defense and attack, this system still has a weakness, namely that the CSIRT operates in the aspect of handling and experimenting with defense, not yet on how to store data and prepare for forensics. CSIRT will do the same thing again, and so on. This is called an iterative procedure, one day the attack will come back and only be done with technical handling. Previous research has succeeded in revealing that organizations that have Knowledge Management (KM), the organization has succeeded in reducing costs up to four times from the original without using KM in the cyber security operations. The author provides a solution to create a knowledge management strategy for handling cyber incidents in CSIRT E-Commerce in Indonesia. This research resulted in 4 KM Processes and 2 KM Enablers which were then translated into concrete actions. The KM Processes are Knowledge Creation, Knowledge Storing, Knowledge Sharing, and Knowledge Utilizing. While the KM Enabler is Technology Infrastructure and People Competency.展开更多
The integration of the digital economy with the traditional sales industry has prompted the robust growth of e-commerce.Live-streaming e-commerce,as a novel business model,has gained immense popularity.However,is⁃sues...The integration of the digital economy with the traditional sales industry has prompted the robust growth of e-commerce.Live-streaming e-commerce,as a novel business model,has gained immense popularity.However,is⁃sues of regulatory loopholes and inefficacy continue to surface.In live-streaming e-commerce,the head anchor,as host of the live-streaming rooms,wields significant influence in determining the goods to be showcased and marketed.Such influence expands risks such as infringement of intellectual property rights.Yet the uncertainty in law concerning the identity of head anchors results in a lack of accountability.Current norms are inadequate in constraining the group of head anchors.Drawing on the principles of risk control,the alignment between benefit and risk,and the theory of so⁃cial cost control,this paper argues that it is both justifiable and feasible to impose a duty to exercise reasonable care on head anchors.To effectively enshrine this duty in law,it is of great importance to redefine the mechanism of identifying the duty of care of head anchors in live-streaming e-commerce.In particular,the contents of the duty of care under⁃taken by head anchors and the consequences of breaching such a duty of care should be clarified.展开更多
Cyber-physical systems(CPSs)are regarded as the backbone of the fourth industrial revolution,in which communication,physical processes,and computer technology are integrated.In modern industrial systems,CPSs are widel...Cyber-physical systems(CPSs)are regarded as the backbone of the fourth industrial revolution,in which communication,physical processes,and computer technology are integrated.In modern industrial systems,CPSs are widely utilized across various domains,such as smart grids,smart healthcare systems,smart vehicles,and smart manufacturing,among others.Due to their unique spatial distribution,CPSs are highly vulnerable to cyber-attacks,which may result in severe performance degradation and even system instability.Consequently,the security concerns of CPSs have attracted significant attention in recent years.In this paper,a comprehensive survey on the security issues of CPSs under cyber-attacks is provided.Firstly,mathematical descriptions of various types of cyberattacks are introduced in detail.Secondly,two types of secure estimation and control processing schemes,including robust methods and active methods,are reviewed.Thirdly,research findings related to secure control and estimation problems for different types of CPSs are summarized.Finally,the survey is concluded by outlining the challenges and suggesting potential research directions for the future.展开更多
The integration of artificial intelligence(AI)technology,particularly large language models(LLMs),has become essential across various sectors due to their advanced language comprehension and generation capabilities.De...The integration of artificial intelligence(AI)technology,particularly large language models(LLMs),has become essential across various sectors due to their advanced language comprehension and generation capabilities.Despite their transformative impact in fields such as machine translation and intelligent dialogue systems,LLMs face significant challenges.These challenges include safety,security,and privacy concerns that undermine their trustworthiness and effectiveness,such as hallucinations,backdoor attacks,and privacy leakage.Previous works often conflated safety issues with security concerns.In contrast,our study provides clearer and more reasonable definitions for safety,security,and privacy within the context of LLMs.Building on these definitions,we provide a comprehensive overview of the vulnerabilities and defense mechanisms related to safety,security,and privacy in LLMs.Additionally,we explore the unique research challenges posed by LLMs and suggest potential avenues for future research,aiming to enhance the robustness and reliability of LLMs in the face of emerging threats.展开更多
This study investigates the critical intersection of cyberpsychology and cybersecurity policy development in small and medium-sized enterprises (SMEs). Through a mixed-methods approach incorporating surveys of 523 emp...This study investigates the critical intersection of cyberpsychology and cybersecurity policy development in small and medium-sized enterprises (SMEs). Through a mixed-methods approach incorporating surveys of 523 employees across 78 SMEs, qualitative interviews, and case studies, the research examines how psychological factors influence cybersecurity behaviors and policy effectiveness. Key findings reveal significant correlations between psychological factors and security outcomes, including the relationship between self-efficacy and policy compliance (r = 0.42, p β = 0.37, p < 0.001). The study identifies critical challenges in risk perception, policy complexity, and organizational culture affecting SME cybersecurity implementation. Results demonstrate that successful cybersecurity initiatives require the integration of psychological principles with technical solutions. The research provides a framework for developing human-centric security policies that address both behavioral and technical aspects of cybersecurity in resource-constrained environments.展开更多
Cross-border e-commerce,as a new form of international trade,has shown great development potential in the context of the“Belt and Road”initiative.Based on the cross-border e-commerce export data from 2015 to 2024,th...Cross-border e-commerce,as a new form of international trade,has shown great development potential in the context of the“Belt and Road”initiative.Based on the cross-border e-commerce export data from 2015 to 2024,this paper analyzes the influencing factors of China's cross-border e-commerce exports to countries along the“Belt and Road”by constructing an econometric model.The study found that factors such as the perfection of digital infrastructure,the efficiency of logistics and transportation,the convenience of payment and settlement,and the penetration rate of consumers online shopping significantly affect the export scale of cross-border e-commerce.Institutional factors such as the development level of e-commerce platforms in countries along the route,market access thresholds,and tariff policies also play an important role.Based on the research results,suggestions are put forward to strengthen the construction of cross-border payment system,optimize the logistics distribution network,promote customs clearance facilitation,and deepen cooperation in the field of e-commerce,to provide references for promoting the development of China's crossborder e-commerce exports to countries along the“Belt and Road.”展开更多
The national grid and other life-sustaining critical infrastructures face an unprecedented threat from prolonged blackouts,which could last over a year and pose a severe risk to national security.Whether caused by phy...The national grid and other life-sustaining critical infrastructures face an unprecedented threat from prolonged blackouts,which could last over a year and pose a severe risk to national security.Whether caused by physical attacks,EMP(electromagnetic pulse)events,or cyberattacks,such disruptions could cripple essential services like water supply,healthcare,communication,and transportation.Research indicates that an attack on just nine key substations could result in a coast-to-coast blackout lasting up to 18 months,leading to economic collapse,civil unrest,and a breakdown of public order.This paper explores the key vulnerabilities of the grid,the potential impacts of prolonged blackouts,and the role of AI(artificial intelligence)and ML(machine learning)in mitigating these threats.AI-driven cybersecurity measures,predictive maintenance,automated threat response,and EMP resilience strategies are discussed as essential solutions to bolster grid security.Policy recommendations emphasize the need for hardened infrastructure,enhanced cybersecurity,redundant power systems,and AI-based grid management to ensure national resilience.Without proactive measures,the nation remains exposed to a catastrophic power grid failure that could have dire consequences for society and the economy.展开更多
Software security poses substantial risks to our society because software has become part of our life. Numerous techniques have been proposed to resolve or mitigate the impact of software security issues. Among them, ...Software security poses substantial risks to our society because software has become part of our life. Numerous techniques have been proposed to resolve or mitigate the impact of software security issues. Among them, software testing and analysis are two of the critical methods, which significantly benefit from the advancements in deep learning technologies. Due to the successful use of deep learning in software security, recently,researchers have explored the potential of using large language models(LLMs) in this area. In this paper, we systematically review the results focusing on LLMs in software security. We analyze the topics of fuzzing, unit test, program repair, bug reproduction, data-driven bug detection, and bug triage. We deconstruct these techniques into several stages and analyze how LLMs can be used in the stages. We also discuss the future directions of using LLMs in software security, including the future directions for the existing use of LLMs and extensions from conventional deep learning research.展开更多
ChatGPT is a powerful artificial intelligence(AI)language model that has demonstrated significant improvements in various natural language processing(NLP) tasks. However, like any technology, it presents potential sec...ChatGPT is a powerful artificial intelligence(AI)language model that has demonstrated significant improvements in various natural language processing(NLP) tasks. However, like any technology, it presents potential security risks that need to be carefully evaluated and addressed. In this survey, we provide an overview of the current state of research on security of using ChatGPT, with aspects of bias, disinformation, ethics, misuse,attacks and privacy. We review and discuss the literature on these topics and highlight open research questions and future directions.Through this survey, we aim to contribute to the academic discourse on AI security, enriching the understanding of potential risks and mitigations. We anticipate that this survey will be valuable for various stakeholders involved in AI development and usage, including AI researchers, developers, policy makers, and end-users.展开更多
The accelerated advancement of the Internet of Things(IoT)has generated substantial data,including sensitive and private information.Consequently,it is imperative to guarantee the security of data sharing.While facili...The accelerated advancement of the Internet of Things(IoT)has generated substantial data,including sensitive and private information.Consequently,it is imperative to guarantee the security of data sharing.While facilitating fine-grained access control,Ciphertext Policy Attribute-Based Encryption(CP-ABE)can effectively ensure the confidentiality of shared data.Nevertheless,the conventional centralized CP-ABE scheme is plagued by the issues of keymisuse,key escrow,and large computation,which will result in security risks.This paper suggests a lightweight IoT data security sharing scheme that integrates blockchain technology and CP-ABE to address the abovementioned issues.The integrity and traceability of shared data are guaranteed by the use of blockchain technology to store and verify access transactions.The encryption and decryption operations of the CP-ABE algorithm have been implemented using elliptic curve scalarmultiplication to accommodate lightweight IoT devices,as opposed to themore arithmetic bilinear pairing found in the traditional CP-ABE algorithm.Additionally,a portion of the computation is delegated to the edge nodes to alleviate the computational burden on users.A distributed key management method is proposed to address the issues of key escrow andmisuse.Thismethod employs the edge blockchain to facilitate the storage and distribution of attribute private keys.Meanwhile,data security sharing is enhanced by combining off-chain and on-chain ciphertext storage.The security and performance analysis indicates that the proposed scheme is more efficient and secure.展开更多
文摘E-commerce is a very active field of Internet research. A very important aspect of e-commerce is its security. Because of the variety of e-commerce applications, many security policies, protocols and techniques are involved in the deployment of the security. The related standards and protocols of e-commerce are studied in this paper. The general model of e-commerce security is set forth. In this model, two most important e-commerce protocols including secure sockets layer (SSL) and secure electronic transaction (SET) are analyzed. The open problems and new trends of e-commerce security are presented.
文摘In today' s 21st century of IT, e-commerce began to develop rapidly. Among them, in the process of e-commerce implementation, it is mainly to ensure system security issues. Based primarily on this issue, we discussed issues related to certification systems, SSL protocol as well as SET protocol. In addition, the article also describes the business several other safety-related technology.
文摘Taking the cooperation between China and Pakistan as an example,this paper expounds on the current situation,governance concept,obstacles to cooperation,and differentiated policies of Western countries in the areas of cybersecurity,the role of new e-commerce platforms,and digital sovereignty of BRICS countries.It aims to promote inter-governmental cooperation through civil dialogue and lead information technology cooperation among developing countries through the BRICS mechanism,as well as to collaborate to establish guidelines for global cybersecurity,new e-commerce platforms,and digital sovereignty.
基金Supported by the National Natural Science Foun-dation of China (50077007) the Youth Teacher Foundation ofNorth China Electric Power University (20051101)
文摘The security of mobile agent directly decides its usage width in e-commerce. Especially, to protect users' private information is becoming more important now and future. So an anonymous mobile agent security mechanism with the secure authentication infrastructure based on PKI (public key infrastructure) is proposed in the paper. The multi-agent system is programmed by java language and every agent must register itself in CA (certificate authority) before working in the net and express his legit identity which is temptly produced and used only once. The CA ensures the legal of all agents' identity which take part in communicaiton or trade. And every user agent identity only is used once which makes other agents cannot decipher users' private information. The security mechanism of the multi-agent system implements anonymity, integrity, data confidentiality of mobile agent based on the MH(multiple hop) integrity protection regard to PKI limit.
文摘Andrew Wangota,a 48-year-old Ugandan farmer,has been using agrivoltaics technology,a solar technology that uses agricultural land for both food production and solar power generation,on his farm in Bunashimolo Parish,Bukyiende Subcounty in Uganda where he has been cultivating plantain,coffee and Irish potatoes for the past 16 years.
基金funded and supported by the Ongoing Research Funding program(ORF-2025-314),King Saud University,Riyadh,Saudi Arabia.
文摘The rapid digitalization of urban infrastructure has made smart cities increasingly vulnerable to sophisticated cyber threats.In the evolving landscape of cybersecurity,the efficacy of Intrusion Detection Systems(IDS)is increasingly measured by technical performance,operational usability,and adaptability.This study introduces and rigorously evaluates a Human-Computer Interaction(HCI)-Integrated IDS with the utilization of Convolutional Neural Network(CNN),CNN-Long Short Term Memory(LSTM),and Random Forest(RF)against both a Baseline Machine Learning(ML)and a Traditional IDS model,through an extensive experimental framework encompassing many performance metrics,including detection latency,accuracy,alert prioritization,classification errors,system throughput,usability,ROC-AUC,precision-recall,confusion matrix analysis,and statistical accuracy measures.Our findings consistently demonstrate the superiority of the HCI-Integrated approach utilizing three major datasets(CICIDS 2017,KDD Cup 1999,and UNSW-NB15).Experimental results indicate that the HCI-Integrated model outperforms its counterparts,achieving an AUC-ROC of 0.99,a precision of 0.93,and a recall of 0.96,while maintaining the lowest false positive rate(0.03)and the fastest detection time(~1.5 s).These findings validate the efficacy of incorporating HCI to enhance anomaly detection capabilities,improve responsiveness,and reduce alert fatigue in critical smart city applications.It achieves markedly lower detection times,higher accuracy across all threat categories,reduced false positive and false negative rates,and enhanced system throughput under concurrent load conditions.The HCIIntegrated IDS excels in alert contextualization and prioritization,offering more actionable insights while minimizing analyst fatigue.Usability feedback underscores increased analyst confidence and operational clarity,reinforcing the importance of user-centered design.These results collectively position the HCI-Integrated IDS as a highly effective,scalable,and human-aligned solution for modern threat detection environments.
文摘Security practices such as Audits that often focus on penetration testing are performed to find flaws in some types of vulnerability & use tools, which have been tailored to resolve certain risks based on code errors, code conceptual <span style="font-family:Verdana;">assumptions bugs</span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">,</span></span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;"> etc. Most existing security practices in e-Commerce are</span></span></span><span><span><span style="font-family:;" "=""><span style="font-family:Verdana;"> dealt with as an auditing activity. They may have policies of security, which are enforced by auditors who enable a particular set of items to be reviewed, but </span><span style="font-family:Verdana;">also fail to find vulnerabilities, which have been established in complianc</span><span style="font-family:Verdana;">e </span><span style="font-family:Verdana;">with application logic. In this paper, we will investigate the problem of business</span><span style="font-family:Verdana;"> logic vulnerability in the component-based rapid development of e-commerce applications while reusing design specification of component. We propose secure application functional processing Logic Security technique for compo</span><span style="font-family:Verdana;">nent-based e-commerce application, based on security requirement of</span><span style="font-family:Verdana;"> e-business </span><span style="font-family:Verdana;">process and security assurance logical component behaviour specification</span><span style="font-family:Verdana;"> ap</span><span style="font-family:Verdana;">proach to formulize and design a solution for business logic vulnerability</span><span style="font-family:Verdana;"> phenomena.</span></span></span></span>
文摘The rise of electronic commerce has broken the traditional trading mode, changed people' s production and life, has gradually become an important factor of regional economic development. The paper comprehensively discuss on present situation and characteristics of electronic commerce development in our country, on basis of it, the paper analyze electronic commerce major impact on regional economic development, and put forward to strengthen the development of e-commerce related strategies to promote regional economic development role.
文摘Electronic Commerce (E-Commerce) was created to help expand the market share network through the internet without the boundaries of space and time. However, behind all the benefits obtained, E-Commerce also raises the issue of consumer concerns about the responsibility for personal data that has been recorded and collected by E-Commerce companies. The personal data is in the form of consumer identity names, passwords, debit and credit card numbers, conversations in email, as well as information related to consumer requests. In Indonesia, cyber attacks have occurred several times against 3 major E-Commerce companies in Indonesia. In 2019, users’ personal data in the form of email addresses, telephone numbers, and residential addresses were sold on the deep web at Bukalapak and Tokopedia. Even though E-Commerce affected by the cyber attack already has a Computer Security Incident Response Team (CSIRT) by recruiting various security engineers, both defense and attack, this system still has a weakness, namely that the CSIRT operates in the aspect of handling and experimenting with defense, not yet on how to store data and prepare for forensics. CSIRT will do the same thing again, and so on. This is called an iterative procedure, one day the attack will come back and only be done with technical handling. Previous research has succeeded in revealing that organizations that have Knowledge Management (KM), the organization has succeeded in reducing costs up to four times from the original without using KM in the cyber security operations. The author provides a solution to create a knowledge management strategy for handling cyber incidents in CSIRT E-Commerce in Indonesia. This research resulted in 4 KM Processes and 2 KM Enablers which were then translated into concrete actions. The KM Processes are Knowledge Creation, Knowledge Storing, Knowledge Sharing, and Knowledge Utilizing. While the KM Enabler is Technology Infrastructure and People Competency.
文摘The integration of the digital economy with the traditional sales industry has prompted the robust growth of e-commerce.Live-streaming e-commerce,as a novel business model,has gained immense popularity.However,is⁃sues of regulatory loopholes and inefficacy continue to surface.In live-streaming e-commerce,the head anchor,as host of the live-streaming rooms,wields significant influence in determining the goods to be showcased and marketed.Such influence expands risks such as infringement of intellectual property rights.Yet the uncertainty in law concerning the identity of head anchors results in a lack of accountability.Current norms are inadequate in constraining the group of head anchors.Drawing on the principles of risk control,the alignment between benefit and risk,and the theory of so⁃cial cost control,this paper argues that it is both justifiable and feasible to impose a duty to exercise reasonable care on head anchors.To effectively enshrine this duty in law,it is of great importance to redefine the mechanism of identifying the duty of care of head anchors in live-streaming e-commerce.In particular,the contents of the duty of care under⁃taken by head anchors and the consequences of breaching such a duty of care should be clarified.
文摘Cyber-physical systems(CPSs)are regarded as the backbone of the fourth industrial revolution,in which communication,physical processes,and computer technology are integrated.In modern industrial systems,CPSs are widely utilized across various domains,such as smart grids,smart healthcare systems,smart vehicles,and smart manufacturing,among others.Due to their unique spatial distribution,CPSs are highly vulnerable to cyber-attacks,which may result in severe performance degradation and even system instability.Consequently,the security concerns of CPSs have attracted significant attention in recent years.In this paper,a comprehensive survey on the security issues of CPSs under cyber-attacks is provided.Firstly,mathematical descriptions of various types of cyberattacks are introduced in detail.Secondly,two types of secure estimation and control processing schemes,including robust methods and active methods,are reviewed.Thirdly,research findings related to secure control and estimation problems for different types of CPSs are summarized.Finally,the survey is concluded by outlining the challenges and suggesting potential research directions for the future.
基金supported by the National Key R&D Program of China under Grant No.2022YFB3103500the National Natural Science Foundation of China under Grants No.62402087 and No.62020106013+3 种基金the Sichuan Science and Technology Program under Grant No.2023ZYD0142the Chengdu Science and Technology Program under Grant No.2023-XT00-00002-GXthe Fundamental Research Funds for Chinese Central Universities under Grants No.ZYGX2020ZB027 and No.Y030232063003002the Postdoctoral Innovation Talents Support Program under Grant No.BX20230060.
文摘The integration of artificial intelligence(AI)technology,particularly large language models(LLMs),has become essential across various sectors due to their advanced language comprehension and generation capabilities.Despite their transformative impact in fields such as machine translation and intelligent dialogue systems,LLMs face significant challenges.These challenges include safety,security,and privacy concerns that undermine their trustworthiness and effectiveness,such as hallucinations,backdoor attacks,and privacy leakage.Previous works often conflated safety issues with security concerns.In contrast,our study provides clearer and more reasonable definitions for safety,security,and privacy within the context of LLMs.Building on these definitions,we provide a comprehensive overview of the vulnerabilities and defense mechanisms related to safety,security,and privacy in LLMs.Additionally,we explore the unique research challenges posed by LLMs and suggest potential avenues for future research,aiming to enhance the robustness and reliability of LLMs in the face of emerging threats.
文摘This study investigates the critical intersection of cyberpsychology and cybersecurity policy development in small and medium-sized enterprises (SMEs). Through a mixed-methods approach incorporating surveys of 523 employees across 78 SMEs, qualitative interviews, and case studies, the research examines how psychological factors influence cybersecurity behaviors and policy effectiveness. Key findings reveal significant correlations between psychological factors and security outcomes, including the relationship between self-efficacy and policy compliance (r = 0.42, p β = 0.37, p < 0.001). The study identifies critical challenges in risk perception, policy complexity, and organizational culture affecting SME cybersecurity implementation. Results demonstrate that successful cybersecurity initiatives require the integration of psychological principles with technical solutions. The research provides a framework for developing human-centric security policies that address both behavioral and technical aspects of cybersecurity in resource-constrained environments.
文摘Cross-border e-commerce,as a new form of international trade,has shown great development potential in the context of the“Belt and Road”initiative.Based on the cross-border e-commerce export data from 2015 to 2024,this paper analyzes the influencing factors of China's cross-border e-commerce exports to countries along the“Belt and Road”by constructing an econometric model.The study found that factors such as the perfection of digital infrastructure,the efficiency of logistics and transportation,the convenience of payment and settlement,and the penetration rate of consumers online shopping significantly affect the export scale of cross-border e-commerce.Institutional factors such as the development level of e-commerce platforms in countries along the route,market access thresholds,and tariff policies also play an important role.Based on the research results,suggestions are put forward to strengthen the construction of cross-border payment system,optimize the logistics distribution network,promote customs clearance facilitation,and deepen cooperation in the field of e-commerce,to provide references for promoting the development of China's crossborder e-commerce exports to countries along the“Belt and Road.”
文摘The national grid and other life-sustaining critical infrastructures face an unprecedented threat from prolonged blackouts,which could last over a year and pose a severe risk to national security.Whether caused by physical attacks,EMP(electromagnetic pulse)events,or cyberattacks,such disruptions could cripple essential services like water supply,healthcare,communication,and transportation.Research indicates that an attack on just nine key substations could result in a coast-to-coast blackout lasting up to 18 months,leading to economic collapse,civil unrest,and a breakdown of public order.This paper explores the key vulnerabilities of the grid,the potential impacts of prolonged blackouts,and the role of AI(artificial intelligence)and ML(machine learning)in mitigating these threats.AI-driven cybersecurity measures,predictive maintenance,automated threat response,and EMP resilience strategies are discussed as essential solutions to bolster grid security.Policy recommendations emphasize the need for hardened infrastructure,enhanced cybersecurity,redundant power systems,and AI-based grid management to ensure national resilience.Without proactive measures,the nation remains exposed to a catastrophic power grid failure that could have dire consequences for society and the economy.
文摘Software security poses substantial risks to our society because software has become part of our life. Numerous techniques have been proposed to resolve or mitigate the impact of software security issues. Among them, software testing and analysis are two of the critical methods, which significantly benefit from the advancements in deep learning technologies. Due to the successful use of deep learning in software security, recently,researchers have explored the potential of using large language models(LLMs) in this area. In this paper, we systematically review the results focusing on LLMs in software security. We analyze the topics of fuzzing, unit test, program repair, bug reproduction, data-driven bug detection, and bug triage. We deconstruct these techniques into several stages and analyze how LLMs can be used in the stages. We also discuss the future directions of using LLMs in software security, including the future directions for the existing use of LLMs and extensions from conventional deep learning research.
文摘ChatGPT is a powerful artificial intelligence(AI)language model that has demonstrated significant improvements in various natural language processing(NLP) tasks. However, like any technology, it presents potential security risks that need to be carefully evaluated and addressed. In this survey, we provide an overview of the current state of research on security of using ChatGPT, with aspects of bias, disinformation, ethics, misuse,attacks and privacy. We review and discuss the literature on these topics and highlight open research questions and future directions.Through this survey, we aim to contribute to the academic discourse on AI security, enriching the understanding of potential risks and mitigations. We anticipate that this survey will be valuable for various stakeholders involved in AI development and usage, including AI researchers, developers, policy makers, and end-users.
文摘The accelerated advancement of the Internet of Things(IoT)has generated substantial data,including sensitive and private information.Consequently,it is imperative to guarantee the security of data sharing.While facilitating fine-grained access control,Ciphertext Policy Attribute-Based Encryption(CP-ABE)can effectively ensure the confidentiality of shared data.Nevertheless,the conventional centralized CP-ABE scheme is plagued by the issues of keymisuse,key escrow,and large computation,which will result in security risks.This paper suggests a lightweight IoT data security sharing scheme that integrates blockchain technology and CP-ABE to address the abovementioned issues.The integrity and traceability of shared data are guaranteed by the use of blockchain technology to store and verify access transactions.The encryption and decryption operations of the CP-ABE algorithm have been implemented using elliptic curve scalarmultiplication to accommodate lightweight IoT devices,as opposed to themore arithmetic bilinear pairing found in the traditional CP-ABE algorithm.Additionally,a portion of the computation is delegated to the edge nodes to alleviate the computational burden on users.A distributed key management method is proposed to address the issues of key escrow andmisuse.Thismethod employs the edge blockchain to facilitate the storage and distribution of attribute private keys.Meanwhile,data security sharing is enhanced by combining off-chain and on-chain ciphertext storage.The security and performance analysis indicates that the proposed scheme is more efficient and secure.
