Sea lines of communication (SLOCs) security has long been a strategic concern for major powers. Following the establishment of the People’s Republic of China, the country’s focus was on the traditional security aspects of its SLOCs. Since the reform and opening-up era, and especially after the end of the Cold War, China has shifted its emphasis toward economic security. China’s SLOCs security bears on multiple dimensions of a holistic approach to national security, encompassing economic security, the safety of its citizens.
Recently, the 2025 Central Conference on Work Related to Neighboring Countries was held in Beijing. As an important theoretical innovation, the conference emphasized for the first time pursuing “the model of security for Asia that features sharing weal and woe, seeking common ground while shelving differences, and prioritizing dialogue and consultation.” This fully demonstrates that China prioritizes neighborhood on its diplomatic agenda, regards security and stability in its neighborhood as a core strategic support, and is ready to collaborate with neighboring countries for a future of shared peace, development, and prosperity.
Security is the cornerstone of a country's peace and stability and the prerequisite for its survival and development. All countries around the world regard security as their top priority. Since most Asian countries suffered from colonial aggression and plundering for a long time in history, they as a whole attach special importance to national security.
In response to the current gaps in effective proactive defense methods within application security and the limited integration of security components with applications, this paper proposes a biomimetic security model, called NeuroShield, specifically designed for web applications. Inspired by the “perception-strategy-effect-feedback” mechanism of the human nervous control system, the model integrates biomimetic elements akin to neural receptors and effectors into applications. This integration facilitates a multifaceted approach to security: enabling data introspection for detailed perception and regulation of application behavior, providing proactive defense capabilities to detect and block security risks in real-time, and incorporating feedback optimization to continuously adjust and enhance security strategies based on prevailing conditions. Experimental results affirm the efficacy of this neural control mechanism-based biomimetic security model, demonstrating a proactive defense success rate exceeding 95%, thereby offering a theoretical and structural foundation for biomimetic immunity in web applications.
The national grid and other life-sustaining critical infrastructures face an unprecedented threat from prolonged blackouts, which could last over a year and pose a severe risk to national security. Whether caused by physical attacks, EMP (electromagnetic pulse) events, or cyberattacks, such disruptions could cripple essential services like water supply, healthcare, communication, and transportation. Research indicates that an attack on just nine key substations could result in a coast-to-coast blackout lasting up to 18 months, leading to economic collapse, civil unrest, and a breakdown of public order. This paper explores the key vulnerabilities of the grid, the potential impacts of prolonged blackouts, and the role of AI (artificial intelligence) and ML (machine learning) in mitigating these threats. AI-driven cybersecurity measures, predictive maintenance, automated threat response, and EMP resilience strategies are discussed as essential solutions to bolster grid security. Policy recommendations emphasize the need for hardened infrastructure, enhanced cybersecurity, redundant power systems, and AI-based grid management to ensure national resilience. Without proactive measures, the nation remains exposed to a catastrophic power grid failure that could have dire consequences for society and the economy.
In 2024, as the world underwent profound political changes, global security faced increasing instabilities and uncertainties. Traditional and non-traditional security threats interacted and overlapped, and the risk of turmoil increased. Strategic trust among major powers continued to erode, leading to heightened insecurity and intensified competition.
In recent years, China and Indonesia have made notable progress in multiple areas of security cooperation, and their collaboration in this respect has continued to deepen under the leadership of both countries. In November 2024, China and Indonesia issued a joint statement during Indonesian President Prabowo Subianto’s visit to China. It was his first overseas trip after his inauguration. In the statement, the two countries agreed to add security cooperation as the fifth pillar of their partnership, marking an upgrade of bilateral ties.
The 5G-R network is on the verge of entering the construction stage. Given that the dedicated network for railways is closely linked to train operation safety, there are extremely high requirements for network security. As a result, there is an urgent need to conduct research on 5G-R network security. To comprehensively enhance the end-to-end security protection of the 5G-R network, this study summarized the security requirements of the GSM-R network, analyzed the security risks and requirements faced by the 5G-R network, and proposed an overall 5G-R network security architecture. The security technical schemes were detailed from various aspects: 5G-R infrastructure security, terminal access security, networking security, operation and maintenance security, data security, and network boundary security. Additionally, the study proposed leveraging the 5G-R security situation awareness system to achieve a comprehensive upgrade from basic security technologies to endogenous security capabilities within the 5G-R system.
Software-related security aspects are a growing and legitimate concern, especially with 5G data available just at our palms. To conduct research in this field, periodic comparative analysis is needed with the new techniques coming up rapidly. The purpose of this study is to review the recent developments in the field of security integration in the software development lifecycle (SDLC) by analyzing the articles published in the last two decades and to propose a way forward. This review follows Kitchenham’s review protocol. The review has been divided into three main stages including planning, execution, and analysis. From the selected 100 articles, it becomes evident that a collaborative approach is necessary for addressing critical software security risks (CSSRs) through effective risk management/estimation techniques. Quantifying risks using a numeric scale enables a comprehensive understanding of their severity, facilitating focused resource allocation and mitigation efforts. Through a comprehensive understanding of potential vulnerabilities and proactive mitigation efforts facilitated by protection poker, organizations can prioritize resources effectively to ensure the successful outcome of projects and initiatives in today’s dynamic threat landscape. The review reveals that threat analysis and security testing are needed to develop automated tools for the future. Accurate estimation of effort required to prioritize potential security risks is a big challenge in software security. The accuracy of effort estimation can be further improved by exploring new techniques, particularly those involving deep learning. It is also imperative to validate these effort estimation methods to ensure all potential security threats are addressed. Another challenge is selecting the right model for each specific security threat. To achieve a comprehensive evaluation, researchers should use well-known benchmark checklists.
Small-drone technology has opened a range of new applications for aerial transportation. These drones leverage the Internet of Things (IoT) to offer cross-location services for navigation. However, they are susceptible to security and privacy threats due to hardware and architectural issues. Although small drones hold promise for expansion in both civil and defense sectors, they have safety, security, and privacy threats. Addressing these challenges is crucial to maintaining the security and uninterrupted operations of these drones. In this regard, this study investigates security, and preservation concerning both the drones and Internet of Drones (IoD), emphasizing the significance of creating drone networks that are secure and can robustly withstand interceptions and intrusions. The proposed framework incorporates a weighted voting ensemble model comprising three convolutional neural network (CNN) models to enhance intrusion detection within the network. The employed CNNs are customized 1D models optimized to obtain better performance. The output from these CNNs is voted using a weighted criterion using a 0.4, 0.3, and 0.3 ratio for three CNNs, respectively. Experiments involve using multiple benchmark datasets, achieving an impressive accuracy of up to 99.89% on drone data. The proposed model shows promising results concerning precision, recall, and F1 as indicated by their obtained values of 99.92%, 99.98%, and 99.97%, respectively. Furthermore, cross-validation and performance comparison with existing works is also carried out. Findings indicate that the proposed approach offers a prospective solution for detecting security threats for aerial systems and satellite systems with high accuracy.
Ensuring information security in the quantum era is a growing challenge due to advancements in cryptographic attacks and the emergence of quantum computing. To address these concerns, this paper presents the mathematical and computer modeling of a novel two-dimensional (2D) chaotic system for secure key generation in quantum image encryption (QIE). The proposed map employs trigonometric perturbations in conjunction with rational-saturation functions and hence, named as Trigonometric-Rational-Saturation (TRS) map. Through rigorous mathematical analysis and computational simulations, the map is extensively evaluated for bifurcation behaviour, chaotic trajectories, and Lyapunov exponents. The security evaluation validates the map’s non-linearity, unpredictability, and sensitive dependence on initial conditions. In addition, the proposed TRS map has further been tested by integrating it in a QIE scheme. The QIE scheme first quantum-encodes the classic image using the Novel Enhanced Quantum Representation (NEQR) technique, the TRS map is used for the generation of secure diffusion key, which is XOR-ed with the quantum-ready image to obtain the encrypted images. The security evaluation of the QIE scheme demonstrates superior security of the encrypted images in terms of statistical security attacks and also against Differential attacks. The encrypted images exhibit zero correlation and maximum entropy with demonstrating strong resilience due to 99.62% and 33.47% results for Number of Pixels Change Rate (NPCR) and Unified Average Changing Intensity (UACI). The results validate the effectiveness of TRS-based quantum encryption scheme in securing digital images against emerging quantum threats, making it suitable for secure image encryption in IoT and edge-based applications.
This paper reviews the history and lessons of global oil crises while exploring the establishment of a quantitative evaluation model for oil security with Chinese characteristics. Using principal component analysis, it constructs an oil security evaluation indicator system for China with two main-level indicators: foreign oil dependency and its impacts, and market intervention and security assurance.
IoT has emerged as a game-changing technology that connects numerous gadgets to networks for communication, processing, and real-time monitoring across diverse applications. Due to their heterogeneous nature and constrained resources, as well as the growing trend of using smart gadgets, there are privacy and security issues that are not adequately managed by conventional security measures. This review offers a thorough analysis of contemporary AI solutions designed to enhance security within IoT ecosystems. The intersection of AI technologies, including ML, and blockchain, with IoT privacy and security is systematically examined, focusing on their efficacy in addressing core security issues. The methodology involves a detailed exploration of existing literature and research on AI-driven privacy-preserving security mechanisms in IoT. The reviewed solutions are categorized based on their ability to tackle specific security challenges. The review highlights key advancements, evaluates their practical applications, and identifies prevailing research gaps and challenges. The findings indicate that AI solutions, particularly those leveraging ML and blockchain, offer promising enhancements to IoT privacy and security by improving threat detection capabilities and ensuring data integrity. This paper highlights how AI technologies might strengthen IoT privacy and security and offer suggestions for upcoming studies intended to address enduring problems and improve the robustness of IoT networks.
With the integration of informatization and intelligence into the Communication-Based Train Control (CBTC) systems, the system is facing an increasing number of information security threats. As an important method of characterizing the system security status, the security situation assessment is used to analyze the system security situation. However, existing situation assessment methods fail to integrate the coupling relationship between the physical layer and the information layer of the CBTC systems, and cannot dynamically characterize the real-time security situation changes under cyber attacks. In this paper, a hierarchical security situation assessment approach is proposed to address the security challenges of CBTC systems, which can perceive cyber attacks, quantify the security situation, and characterize the security situation changes under cyber attacks. Specifically, for the physical layer of CBTC systems, the impact of cyber attacks is evaluated with the train punctuality rate and train departure interval indicators. For the information layer of CBTC systems, the system vulnerabilities and system threats are selected as static level indicators, and the critical network characteristics are selected as dynamic level indicators to quantify the real-time security situation. Finally, the comprehensive security situation assessment value of the CBTC systems is obtained by integrating the physical and information layer indicators. Simulation results illustrate that the proposed approach can dynamically characterize the real-time security situation of CBTC systems, enhancing the ability to perceive and assess information security risks.
Given the grave local and international network security landscape, a national strategic level analysis indicates that the modernization and advancement within the Industry 4.0 era are closely correlated with overall competitive strength. Consequently, China proposed a strategy for the integration of industrialization and informatization, optimizing and adjusting its industrial structure to swiftly achieve transformation and upgrading in the Industry 4.0 era, thereby enhancing the sophistication of intelligent industrial control systems. The distributed control system in a nuclear power plant functions as an industrial control system, overseeing the operational status of the physical process. Its ability to ensure safe and reliable operation is directly linked to nuclear safety and the cybersecurity of the facility. The management of network security in distributed control systems (DCS) is crucial for achieving this objective. Due to the varying network settings and parameters of the DCS implemented in each nuclear power plant, the network security status of the system sometimes diverges from expectations. During system operation, it will undoubtedly encounter network security issues. Consequently, nuclear power plants utilize the technical criteria outlined in GB/T 22239 to formulate a network security management program aimed at enhancing the operational security of DCS within these facilities. This study utilizes existing network security regulations and standards as a reference to analyze the network security control standards based on the nuclear power plant’s control system. It delineates the fundamental requirements for network security management, facilitating integration with the entire life cycle of the research, development, and application of the nuclear power plant’s distributed control system, thereby establishing a network security management methodology that satisfies the control requirements of the nuclear power plant. Initially, it presents DCS and network security management, outlines current domestic and international network security legislation and standards, and specifies the standards pertinent to the administration of DCS in nuclear power plants. Secondly, the design of network security management for DCS is executed in conjunction with the specific context of nuclear power plants. This encompasses the deployment of network security apparatus, validation of the network security management strategy, and optimization adjustments. Consequently, recommendations beneficial to the network security management of nuclear power plants are compiled, aimed at establishing a management system and incorporating the concept of full life cycle management, which is predicated on system requirements, system design, and both software and hardware considerations. Conversely, it presents the notion of comprehensive life cycle management and suggests network security management strategies encompassing system requirements, system architecture, detailed hardware and software design and implementation, procurement, internal system integration, system validation and acceptance testing, system installation, operational maintenance, system modifications, and decommissioning. We will consistently enhance the performance and functionality of DCS in nuclear power plants, establish a safe and secure operational environment, and thereby facilitate the implementation of DCS in nuclear facilities while ensuring robust network security in the future.
This study investigates the critical intersection of cyberpsychology and cybersecurity policy development in small and medium-sized enterprises (SMEs). Through a mixed-methods approach incorporating surveys of 523 employees across 78 SMEs, qualitative interviews, and case studies, the research examines how psychological factors influence cybersecurity behaviors and policy effectiveness. Key findings reveal significant correlations between psychological factors and security outcomes, including the relationship between self-efficacy and policy compliance (r = 0.42, p β = 0.37, p < 0.001). The study identifies critical challenges in risk perception, policy complexity, and organizational culture affecting SME cybersecurity implementation. Results demonstrate that successful cybersecurity initiatives require the integration of psychological principles with technical solutions. The research provides a framework for developing human-centric security policies that address both behavioral and technical aspects of cybersecurity in resource-constrained environments.
A basic procedure for transforming readable data into encoded forms is encryption, which ensures security when the right decryption keys are used. Hadoop is susceptible to possible cyber-attacks because it lacks built-in security measures, even though it can effectively handle and store enormous datasets using the Hadoop Distributed File System (HDFS). The increasing number of data breaches emphasizes how urgently creative encryption techniques are needed in cloud-based big data settings. This paper presents Adaptive Attribute-Based Honey Encryption (AABHE), a state-of-the-art technique that combines honey encryption with Ciphertext-Policy Attribute-Based Encryption (CP-ABE) to provide improved data security. Even if intercepted, AABHE makes sure that sensitive data cannot be accessed by unauthorized parties. With a focus on protecting huge files in HDFS, the suggested approach achieves 98% security robustness and 95% encryption efficiency, outperforming other encryption methods including Ciphertext-Policy Attribute-Based Encryption (CP-ABE), Key-Policy Attribute-Based Encryption (KB-ABE), and Advanced Encryption Standard combined with Attribute-Based Encryption (AES+ABE). By fixing Hadoop’s security flaws, AABHE fortifies its protections against data breaches and enhances Hadoop’s dependability as a platform for processing and storing massive amounts of data.
With the rapid development of information technology, the deep integration of the financial sector and the internet has become a key driving force for economic growth. However, while this trend brings convenience, it also poses significant cybersecurity challenges to the financial sector. This study comprehensively analyzes the current state, challenges, and protective measures of cybersecurity in the financial sector, aiming to provide important references for financial institutions in formulating cybersecurity strategies and enhancing risk management.
As a major principle underlying the Communist Party of China's (CPC) governance in the new era and a core piece of its holistic approach to national security, ensuring both development and security emphasizes comprehensive governance from a long-term perspective and influences the world with its global vision. It keeps pace with the times by prioritizing innovative areas and is of great theoretical and practical significance. On the new journey ahead, we must firmly ensure both development and security. More importantly, we must ensure both high-quality development and high-level security, safeguarding the former through the latter. This is an urgent requirement we face in today's world, which has entered a period of turbulence and transformation characterized by increasing complexity. Confronted with the formidable tasks of promoting reform and development while maintaining stability at home and the grave challenges brought about by international turbulence and changes, we must earnestly implement the guiding principles of the 20th CPC National Congress and the third plenary session of the 20th Party Central Committee. We should ensure secure and sustainable development, accelerate efforts to modernize China's national security system and capacity, foster high-level security, and improve the mechanisms for preserving national security in foreign-related affairs. In short, we should strive to achieve a positive interplay between high-quality development and high-level security, so as to effectively safeguard Chinese modernization.
Funding for the NeuroShield paper: The Fundamental Research Funds for the Central Universities (No. 2242022k60005), Purple Mountain Laboratories for Network and Communication Security, and National Science Foundation (No. 62233003).
文摘In response to the current gaps in ef-fective proactive defense methods within applica-tion security and the limited integration of security components with applications,this paper proposes a biomimetic security model,called NeuroShield,specifically designed for web applications.Inspired by the“perception-strategy-effect-feedback”mechanism of the human nervous control system,the model inte-grates biomimetic elements akin of neural receptors and effectors into applications.This integration fa-cilitates a multifaceted approach to security:enabling data introspection for detailed perception and regula-tion of application behavior,providing proactive de-fense capabilities to detect and block security risks in real-time,and incorporating feedback optimization to continuously adjust and enhance security strategies based on prevailing conditions.Experimental results affirm the efficacy of this neural control mechanism-based biomimetic security model,demonstrating a proactive defense success rate exceeding 95%,thereby offering a theoretical and structural foundation for biomimetic immunity in web applications.
文摘The national grid and other life-sustaining critical infrastructures face an unprecedented threat from prolonged blackouts,which could last over a year and pose a severe risk to national security.Whether caused by physical attacks,EMP(electromagnetic pulse)events,or cyberattacks,such disruptions could cripple essential services like water supply,healthcare,communication,and transportation.Research indicates that an attack on just nine key substations could result in a coast-to-coast blackout lasting up to 18 months,leading to economic collapse,civil unrest,and a breakdown of public order.This paper explores the key vulnerabilities of the grid,the potential impacts of prolonged blackouts,and the role of AI(artificial intelligence)and ML(machine learning)in mitigating these threats.AI-driven cybersecurity measures,predictive maintenance,automated threat response,and EMP resilience strategies are discussed as essential solutions to bolster grid security.Policy recommendations emphasize the need for hardened infrastructure,enhanced cybersecurity,redundant power systems,and AI-based grid management to ensure national resilience.Without proactive measures,the nation remains exposed to a catastrophic power grid failure that could have dire consequences for society and the economy.
文摘In 2024, as the world underwent profound political changes, global security faced increasing instabilities and uncertainties. Traditional and non-traditional security threats interacted and overlapped, and the risk of turmoil increased. Strategic trust among major powers continued to erode, leading to heightened insecurity and intensified competition.
文摘In recent years,China and Indonesia have made notable progress in multiple areas of security cooperation,and their collaboration in this respect has continued to deepen under the leadership of both countries.In November 2024,China and Indonesia issued a joint statement during Indonesian President Prabowo Subianto’s visit to China.It was his first overseas trip after his inauguration.In the statement,the two countries agreed to add security cooperation as the fifth pillar of their partnership,marking an upgrade of bilateral ties.
Abstract: The 5G-R network is on the verge of entering the construction stage. Given that the dedicated network for railways is closely linked to train operation safety, there are extremely high requirements for network security. As a result, there is an urgent need to conduct research on 5G-R network security. To comprehensively enhance the end-to-end security protection of the 5G-R network, this study summarized the security requirements of the GSM-R network, analyzed the security risks and requirements faced by the 5G-R network, and proposed an overall 5G-R network security architecture. The security technical schemes were detailed from various aspects: 5G-R infrastructure security, terminal access security, networking security, operation and maintenance security, data security, and network boundary security. Additionally, the study proposed leveraging the 5G-R security situation awareness system to achieve a comprehensive upgrade from basic security technologies to endogenous security capabilities within the 5G-R system.
Abstract: Software-related security aspects are a growing and legitimate concern, especially with 5G data available just at our palms. To conduct research in this field, periodic comparative analysis is needed with the new techniques coming up rapidly. The purpose of this study is to review the recent developments in the field of security integration in the software development lifecycle (SDLC) by analyzing the articles published in the last two decades and to propose a way forward. This review follows Kitchenham’s review protocol. The review has been divided into three main stages including planning, execution, and analysis. From the selected 100 articles, it becomes evident that a collaborative approach is necessary for addressing critical software security risks (CSSRs) through effective risk management/estimation techniques. Quantifying risks using a numeric scale enables a comprehensive understanding of their severity, facilitating focused resource allocation and mitigation efforts. Through a comprehensive understanding of potential vulnerabilities and proactive mitigation efforts facilitated by protection poker, organizations can prioritize resources effectively to ensure the successful outcome of projects and initiatives in today’s dynamic threat landscape. The review reveals that threat analysis and security testing are needed to develop automated tools for the future. Accurate estimation of effort required to prioritize potential security risks is a big challenge in software security. The accuracy of effort estimation can be further improved by exploring new techniques, particularly those involving deep learning. It is also imperative to validate these effort estimation methods to ensure all potential security threats are addressed. Another challenge is selecting the right model for each specific security threat. To achieve a comprehensive evaluation, researchers should use well-known benchmark checklists.
Abstract: Small-drone technology has opened a range of new applications for aerial transportation. These drones leverage the Internet of Things (IoT) to offer cross-location services for navigation. However, they are susceptible to security and privacy threats due to hardware and architectural issues. Although small drones hold promise for expansion in both civil and defense sectors, they have safety, security, and privacy threats. Addressing these challenges is crucial to maintaining the security and uninterrupted operations of these drones. In this regard, this study investigates security, and preservation concerning both the drones and Internet of Drones (IoD), emphasizing the significance of creating drone networks that are secure and can robustly withstand interceptions and intrusions. The proposed framework incorporates a weighted voting ensemble model comprising three convolutional neural network (CNN) models to enhance intrusion detection within the network. The employed CNNs are customized 1D models optimized to obtain better performance. The output from these CNNs is voted using a weighted criterion using a 0.4, 0.3, and 0.3 ratio for three CNNs, respectively. Experiments involve using multiple benchmark datasets, achieving an impressive accuracy of up to 99.89% on drone data. The proposed model shows promising results concerning precision, recall, and F1 as indicated by their obtained values of 99.92%, 99.98%, and 99.97%, respectively. Furthermore, cross-validation and performance comparison with existing works is also carried out. Findings indicate that the proposed approach offers a prospective solution for detecting security threats for aerial systems and satellite systems with high accuracy.
Funding: Funded by the Deanship of Research and Graduate Studies at King Khalid University. The authors extend their appreciation to the Deanship of Research and Graduate Studies at King Khalid University for funding this work through Large Group Project under grant number (RGP.2/556/45).
Abstract: Ensuring information security in the quantum era is a growing challenge due to advancements in cryptographic attacks and the emergence of quantum computing. To address these concerns, this paper presents the mathematical and computer modeling of a novel two-dimensional (2D) chaotic system for secure key generation in quantum image encryption (QIE). The proposed map employs trigonometric perturbations in conjunction with rational-saturation functions and is hence named the Trigonometric-Rational-Saturation (TRS) map. Through rigorous mathematical analysis and computational simulations, the map is extensively evaluated for bifurcation behaviour, chaotic trajectories, and Lyapunov exponents. The security evaluation validates the map’s non-linearity, unpredictability, and sensitive dependence on initial conditions. In addition, the proposed TRS map has further been tested by integrating it in a QIE scheme. The QIE scheme first quantum-encodes the classic image using the Novel Enhanced Quantum Representation (NEQR) technique; the TRS map is then used for the generation of a secure diffusion key, which is XOR-ed with the quantum-ready image to obtain the encrypted images. The security evaluation of the QIE scheme demonstrates superior security of the encrypted images in terms of statistical security attacks and also against differential attacks. The encrypted images exhibit zero correlation and maximum entropy while demonstrating strong resilience, with results of 99.62% and 33.47% for Number of Pixels Change Rate (NPCR) and Unified Average Changing Intensity (UACI). The results validate the effectiveness of the TRS-based quantum encryption scheme in securing digital images against emerging quantum threats, making it suitable for secure image encryption in IoT and edge-based applications.
Abstract: This paper reviews the history and lessons of global oil crises while exploring the establishment of a quantitative evaluation model for oil security with Chinese characteristics. Using principal component analysis, it constructs an oil security evaluation indicator system for China with two main-level indicators: foreign oil dependency and its impacts, and market intervention and security assurance.
Funding: The author Dr. Arshiya Sajid Ansari extends appreciation to the Deanship of Postgraduate Studies and Scientific Research at Majmaah University for funding this research work through the project number (R-2025-1706).
Abstract: IoT has emerged as a game-changing technology that connects numerous gadgets to networks for communication, processing, and real-time monitoring across diverse applications. Due to their heterogeneous nature and constrained resources, as well as the growing trend of using smart gadgets, there are privacy and security issues that are not adequately managed by conventional security measures. This review offers a thorough analysis of contemporary AI solutions designed to enhance security within IoT ecosystems. The intersection of AI technologies, including ML and blockchain, with IoT privacy and security is systematically examined, focusing on their efficacy in addressing core security issues. The methodology involves a detailed exploration of existing literature and research on AI-driven privacy-preserving security mechanisms in IoT. The reviewed solutions are categorized based on their ability to tackle specific security challenges. The review highlights key advancements, evaluates their practical applications, and identifies prevailing research gaps and challenges. The findings indicate that AI solutions, particularly those leveraging ML and blockchain, offer promising enhancements to IoT privacy and security by improving threat detection capabilities and ensuring data integrity. This paper highlights how AI technologies might strengthen IoT privacy and security and offers suggestions for upcoming studies intended to address enduring problems and improve the robustness of IoT networks.
Funding: Supported in part by the project of the State Key Laboratory of Advanced Rail Autonomous Operation (RAO2023ZZ004), in part by the Beijing Natural Science Foundation-Fengtai Rail Transit Frontier Research Joint Fund (L211002), in part by the Foundation of China State Railway Group Corporation Limited under Grant L2021G003, in part by the Scientific and Technical Research Fund of China Academy of Railway Sciences Corporation Limited under Grant 2021YJ094, and in part by the Project I23L00200 and Project I24F00010.
Abstract: With the integration of informatization and intelligence into the Communication-Based Train Control (CBTC) systems, the system is facing an increasing number of information security threats. As an important method of characterizing the system security status, the security situation assessment is used to analyze the system security situation. However, existing situation assessment methods fail to integrate the coupling relationship between the physical layer and the information layer of the CBTC systems, and cannot dynamically characterize the real-time security situation changes under cyber attacks. In this paper, a hierarchical security situation assessment approach is proposed to address the security challenges of CBTC systems, which can perceive cyber attacks, quantify the security situation, and characterize the security situation changes under cyber attacks. Specifically, for the physical layer of CBTC systems, the impact of cyber attacks is evaluated with the train punctuality rate and train departure interval indicators. For the information layer of CBTC systems, the system vulnerabilities and system threats are selected as static level indicators, and the critical network characteristics are selected as dynamic level indicators to quantify the real-time security situation. Finally, the comprehensive security situation assessment value of the CBTC systems is obtained by integrating the physical and information layer indicators. Simulation results illustrate that the proposed approach can dynamically characterize the real-time security situation of CBTC systems, enhancing the ability to perceive and assess information security risks.
Abstract: Given the grave local and international network security landscape, a national strategic level analysis indicates that the modernization and advancement within the Industry 4.0 era are closely correlated with overall competitive strength. Consequently, China proposed a strategy for the integration of industrialization and informatization, optimizing and adjusting its industrial structure to swiftly achieve transformation and upgrading in the Industry 4.0 era, thereby enhancing the sophistication of intelligent industrial control systems. The distributed control system in a nuclear power plant functions as an industrial control system, overseeing the operational status of the physical process. Its ability to ensure safe and reliable operation is directly linked to nuclear safety and the cybersecurity of the facility. The management of network security in distributed control systems (DCS) is crucial for achieving this objective. Due to the varying network settings and parameters of the DCS implemented in each nuclear power plant, the network security status of the system sometimes diverges from expectations. During system operation, it will undoubtedly encounter network security issues. Consequently, nuclear power plants utilize the technical criteria outlined in GB/T 22239 to formulate a network security management program aimed at enhancing the operational security of DCS within these facilities. This study utilizes existing network security regulations and standards as a reference to analyze the network security control standards based on the nuclear power plant’s control system. It delineates the fundamental requirements for network security management, facilitating integration with the entire life cycle of the research, development, and application of the nuclear power plant’s distributed control system, thereby establishing a network security management methodology that satisfies the control requirements of the nuclear power plant. Initially, it presents DCS and network security management, outlines current domestic and international network security legislation and standards, and specifies the standards pertinent to the administration of DCS in nuclear power plants. Secondly, the design of network security management for DCS is executed in conjunction with the specific context of nuclear power plants. This encompasses the deployment of network security apparatus, validation of the network security management strategy, and optimization adjustments. Consequently, recommendations beneficial to the network security management of nuclear power plants are compiled, aimed at establishing a management system and incorporating the concept of full life cycle management, which is predicated on system requirements, system design, and both software and hardware considerations. Conversely, it presents the notion of comprehensive life cycle management and suggests network security management strategies encompassing system requirements, system architecture, detailed hardware and software design and implementation, procurement, internal system integration, system validation and acceptance testing, system installation, operational maintenance, system modifications, and decommissioning. We will consistently enhance the performance and functionality of DCS in nuclear power plants, establish a safe and secure operational environment, and thereby facilitate the implementation of DCS in nuclear facilities while ensuring robust network security in the future.
Abstract: This study investigates the critical intersection of cyberpsychology and cybersecurity policy development in small and medium-sized enterprises (SMEs). Through a mixed-methods approach incorporating surveys of 523 employees across 78 SMEs, qualitative interviews, and case studies, the research examines how psychological factors influence cybersecurity behaviors and policy effectiveness. Key findings reveal significant correlations between psychological factors and security outcomes, including the relationship between self-efficacy and policy compliance (r = 0.42, p β = 0.37, p < 0.001). The study identifies critical challenges in risk perception, policy complexity, and organizational culture affecting SME cybersecurity implementation. Results demonstrate that successful cybersecurity initiatives require the integration of psychological principles with technical solutions. The research provides a framework for developing human-centric security policies that address both behavioral and technical aspects of cybersecurity in resource-constrained environments.
Funding: Funded by Princess Nourah bint Abdulrahman University Researchers Supporting Project number (PNURSP2024R408), Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia.
Abstract: A basic procedure for transforming readable data into encoded forms is encryption, which ensures security when the right decryption keys are used. Hadoop is susceptible to possible cyber-attacks because it lacks built-in security measures, even though it can effectively handle and store enormous datasets using the Hadoop Distributed File System (HDFS). The increasing number of data breaches emphasizes how urgently creative encryption techniques are needed in cloud-based big data settings. This paper presents Adaptive Attribute-Based Honey Encryption (AABHE), a state-of-the-art technique that combines honey encryption with Ciphertext-Policy Attribute-Based Encryption (CP-ABE) to provide improved data security. Even if intercepted, AABHE makes sure that sensitive data cannot be accessed by unauthorized parties. With a focus on protecting huge files in HDFS, the suggested approach achieves 98% security robustness and 95% encryption efficiency, outperforming other encryption methods including Ciphertext-Policy Attribute-Based Encryption (CP-ABE), Key-Policy Attribute-Based Encryption (KP-ABE), and Advanced Encryption Standard combined with Attribute-Based Encryption (AES+ABE). By fixing Hadoop’s security flaws, AABHE fortifies its protections against data breaches and enhances Hadoop’s dependability as a platform for processing and storing massive amounts of data.
Abstract: With the rapid development of information technology, the deep integration of the financial sector and the internet has become a key driving force for economic growth. However, while this trend brings convenience, it also poses significant cybersecurity challenges to the financial sector. This study comprehensively analyzes the current state, challenges, and protective measures of cybersecurity in the financial sector, aiming to provide important references for financial institutions in formulating cybersecurity strategies and enhancing risk management.
Abstract: As a major principle underlying the Communist Party of China's (CPC) governance in the new era and a core piece of its holistic approach to national security, ensuring both development and security emphasizes comprehensive governance from a long-term perspective and influences the world with its global vision. It keeps pace with the times by prioritizing innovative areas and is of great theoretical and practical significance. On the new journey ahead, we must firmly ensure both development and security. More importantly, we must ensure both high-quality development and high-level security, safeguarding the former through the latter. This is an urgent requirement we face in today's world, which has entered a period of turbulence and transformation characterized by increasing complexity. Confronted with the formidable tasks of promoting reform and development while maintaining stability at home and the grave challenges brought about by international turbulence and changes, we must earnestly implement the guiding principles of the 20th CPC National Congress and the third plenary session of the 20th Party Central Committee. We should ensure secure and sustainable development, accelerate efforts to modernize China's national security system and capacity, foster high-level security, and improve the mechanisms for preserving national security in foreign-related affairs. In short, we should strive to achieve a positive interplay between high-quality development and high-level security, so as to effectively safeguard Chinese modernization.