With respect to security, the use of various terminals in the mobile Internet environment is problematic.Traditional terminal testing methods cannot simulate actual testing environments; thus, the test results do not ...With respect to security, the use of various terminals in the mobile Internet environment is problematic.Traditional terminal testing methods cannot simulate actual testing environments; thus, the test results do not accurately reflect the security of terminals. To address this problem, we designed and developed a cloud platform based automated testing system for the mobile Internet. In this system, virtualization and automation technology are utilized to integrate mobile terminals into the cloud platform as a resource, to achieve a novel cloud service called Testing as a Service(Taa S). The system consists of three functional modules: web front-end module, testing environment module, and automated testing module. We adopted the permeable automated testing tool Metasploit to perform security testing. In our test experiments, we selected 100 apps with diverse vulnerability levels, ranging from secure to vulnerable, to perform a series of functional tests. The experimental results show that this system can correctly test both the number of vulnerable apps and their corresponding vulnerability levels. As such, the designed system can flexibly configure various testing environments for different testing cases or projects, and thereby perform security testing automatically.展开更多
The integration of organisation’s information security policy into threat modeling enhances effectiveness of security strategies for information security management. These security policies are the ones which define ...The integration of organisation’s information security policy into threat modeling enhances effectiveness of security strategies for information security management. These security policies are the ones which define the sets of security issues, controls and organisation’s commitment for seamless integration with knowledge based platforms in order to protect critical assets and data. Such platforms are needed to evaluate and share violations which can create security loop-hole. The lack of rules-based approaches for discovering potential threats at organisation’s context, poses a challenge for many organisations in safeguarding their critical assets. To address the challenge, this paper introduces a Platform for Organisation Security Threat Analytic and Management (POSTAM) using rule-based approach. The platform enhances strategies for combating information security threats and thus improves organisations’ commitment in protecting their critical assets. R scripting language for data visualization and java-based scripts were used to develop a prototype to run on web protocol. MySQL database management system was used as back-end for data storage during threat analytic processes.展开更多
Although Named Entity Recognition(NER)in cybersecurity has historically concentrated on threat intelligence,vital security data can be found in a variety of sources,such as open-source intelligence and unprocessed too...Although Named Entity Recognition(NER)in cybersecurity has historically concentrated on threat intelligence,vital security data can be found in a variety of sources,such as open-source intelligence and unprocessed tool outputs.When dealing with technical language,the coexistence of structured and unstructured data poses serious issues for traditional BERT-based techniques.We introduce a three-phase approach for improved NER inmulti-source cybersecurity data that makes use of large language models(LLMs).To ensure thorough entity coverage,our method starts with an identification module that uses dynamic prompting techniques.To lessen hallucinations,the extraction module uses confidence-based self-assessment and cross-checking using regex validation.The tagging module links to knowledge bases for contextual validation and uses SecureBERT in conjunction with conditional random fields to detect entity boundaries precisely.Our framework creates efficient natural language segments by utilizing decoderbased LLMs with 10B parameters.When compared to baseline SecureBERT implementations,evaluation across four cybersecurity data sources shows notable gains,with a 9.4%–25.21%greater recall and a 6.38%–17.3%better F1-score.Our refined model matches larger models and achieves 2.6%–4.9%better F1-score for technical phrase recognition than the state-of-the-art alternatives Claude 3.5 Sonnet,Llama3-8B,and Mixtral-7B.The three-stage architecture identification-extraction-tagging pipeline tackles important cybersecurity NER issues.Through effective architectures,these developments preserve deployability while setting a new standard for entity extraction in challenging security scenarios.The findings show how specific enhancements in hybrid recognition,validation procedures,and prompt engineering raise NER performance above monolithic LLM approaches in cybersecurity applications,especially for technical entity extraction fromheterogeneous sourceswhere conventional techniques fall short.Because of itsmodular nature,the framework can be upgraded at the component level as new methods are developed.展开更多
New technologies that take advantage of the emergence of massive Internet of Things(IoT)and a hyper-connected network environment have rapidly increased in recent years.These technologies are used in diverse environme...New technologies that take advantage of the emergence of massive Internet of Things(IoT)and a hyper-connected network environment have rapidly increased in recent years.These technologies are used in diverse environments,such as smart factories,digital healthcare,and smart grids,with increased security concerns.We intend to operate Security Orchestration,Automation and Response(SOAR)in various environments through new concept definitions as the need to detect and respond automatically to rapidly increasing security incidents without the intervention of security personnel has emerged.To facilitate the understanding of the security concern involved in this newly emerging area,we offer the definition of Internet of Blended Environment(IoBE)where various convergence environments are interconnected and the data analyzed in automation.We define Blended Threat(BT)as a security threat that exploits security vulnerabilities through various attack surfaces in the IoBE.We propose a novel SOAR-CUBE architecture to respond to security incidents with minimal human intervention by automating the BT response process.The Security Orchestration,Automation,and Response(SOAR)part of our architecture is used to link heterogeneous security technologies and the threat intelligence function that collects threat data and performs a correlation analysis of the data.SOAR is operated under Collaborative Units of Blended Environment(CUBE)which facilitates dynamic exchanges of data according to the environment applied to the IoBE by distributing and deploying security technologies for each BT type and dynamically combining them according to the cyber kill chain stage to minimize the damage and respond efficiently to BT.展开更多
The constantly increasing degree and frequency of cyber threats require the emergence of flexible and intelligent approaches to systems’protection.Despite the calls for the use of artificial intelligence(AI)and machi...The constantly increasing degree and frequency of cyber threats require the emergence of flexible and intelligent approaches to systems’protection.Despite the calls for the use of artificial intelligence(AI)and machine learning(ML)in strengthening cyber security,there needs to be more literature on an integrated view of the application areas,open issues or trends in AI and ML for cyber security.Based on 90 studies,in the following literature review,the author categorizes and systematically analyzes the current research field to fill this gap.The review evidences that,in contrast to rigid rule-based systems that are static and specific to a given type of threat,AI and ML are more portable and effective in large-scale anomaly detection,malware classification,and prevention of phishing attacks by analyzing the data,learning the patterns,and improving the performance based on new data.Further,the study outlines significant themes,such as data quality,integration,and bias with AI/ML models,and underscores overcoming barriers to undertaking standard AI/ML integration.The contributions of this work are as follows:a thorough description of AI/ML applications in cyber security,discussions on the critical issues,and relevant opportunities and suggestions for future research.Consequently,the work contributes to establishing directions for creating and implementing AI/ML-based cyber security with demonstrable returns of technical solutions,organizational change,and ethicist interventions.展开更多
In this paper,we present a WItness based Data priority mEchanism(WIDE)for vehicles in the vicinity of an accident to facilitate liability decisions.WIDE evaluates the integrity of data generated by these vehicles,call...In this paper,we present a WItness based Data priority mEchanism(WIDE)for vehicles in the vicinity of an accident to facilitate liability decisions.WIDE evaluates the integrity of data generated by these vehicles,called witnesses,in the event of an accident to assure the reliability of data to be used for making liability decisions and ensure that such data are received from credible witnesses.To achieve this,WIDE introduces a two-level integrity assessment to achieve end-to-end integrity by initially ascertaining the integrity of data-producing sensors,and validating that data generated have not been altered on transit by compromised road-side units(RSUs)by executing a practical byzantine fault tolerance(pBFT)protocol to reach consensus on data reliability.Furthermore,WIDE utilises a blockchain based reputation management system(BRMS)to ensure that only data from highly reputable witnesses are utilised as contributing evidence for facilitating liability decisions.Finally,we formally verify the proposed framework against data integrity requirements using the Automated Verification of Internet Security Protocols and Applications(AVISPA)with High-Level Protocol Specification Language(HLPSL).Qualitative arguments show that our proposed framework is secured against identified security attacks and assures the reliability of data utilised for making liability decisions,while quantitative evaluations demonstrate that our proposal is practical for fully autonomous vehicle forensics.展开更多
基金supported by the National Natural Science Foundation of China (No. 61202431)the National High-Tech Research and Development (863) Program of China (No. 2013AA014702)+2 种基金Beijing Higher Education Young Elite Teacher Project (No. YETP0535)the Open Project Program of Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networksthe Scientific Research Foundation for the Returned Overseas Chinese Scholars, Ministry of Education
文摘With respect to security, the use of various terminals in the mobile Internet environment is problematic.Traditional terminal testing methods cannot simulate actual testing environments; thus, the test results do not accurately reflect the security of terminals. To address this problem, we designed and developed a cloud platform based automated testing system for the mobile Internet. In this system, virtualization and automation technology are utilized to integrate mobile terminals into the cloud platform as a resource, to achieve a novel cloud service called Testing as a Service(Taa S). The system consists of three functional modules: web front-end module, testing environment module, and automated testing module. We adopted the permeable automated testing tool Metasploit to perform security testing. In our test experiments, we selected 100 apps with diverse vulnerability levels, ranging from secure to vulnerable, to perform a series of functional tests. The experimental results show that this system can correctly test both the number of vulnerable apps and their corresponding vulnerability levels. As such, the designed system can flexibly configure various testing environments for different testing cases or projects, and thereby perform security testing automatically.
文摘The integration of organisation’s information security policy into threat modeling enhances effectiveness of security strategies for information security management. These security policies are the ones which define the sets of security issues, controls and organisation’s commitment for seamless integration with knowledge based platforms in order to protect critical assets and data. Such platforms are needed to evaluate and share violations which can create security loop-hole. The lack of rules-based approaches for discovering potential threats at organisation’s context, poses a challenge for many organisations in safeguarding their critical assets. To address the challenge, this paper introduces a Platform for Organisation Security Threat Analytic and Management (POSTAM) using rule-based approach. The platform enhances strategies for combating information security threats and thus improves organisations’ commitment in protecting their critical assets. R scripting language for data visualization and java-based scripts were used to develop a prototype to run on web protocol. MySQL database management system was used as back-end for data storage during threat analytic processes.
文摘Although Named Entity Recognition(NER)in cybersecurity has historically concentrated on threat intelligence,vital security data can be found in a variety of sources,such as open-source intelligence and unprocessed tool outputs.When dealing with technical language,the coexistence of structured and unstructured data poses serious issues for traditional BERT-based techniques.We introduce a three-phase approach for improved NER inmulti-source cybersecurity data that makes use of large language models(LLMs).To ensure thorough entity coverage,our method starts with an identification module that uses dynamic prompting techniques.To lessen hallucinations,the extraction module uses confidence-based self-assessment and cross-checking using regex validation.The tagging module links to knowledge bases for contextual validation and uses SecureBERT in conjunction with conditional random fields to detect entity boundaries precisely.Our framework creates efficient natural language segments by utilizing decoderbased LLMs with 10B parameters.When compared to baseline SecureBERT implementations,evaluation across four cybersecurity data sources shows notable gains,with a 9.4%–25.21%greater recall and a 6.38%–17.3%better F1-score.Our refined model matches larger models and achieves 2.6%–4.9%better F1-score for technical phrase recognition than the state-of-the-art alternatives Claude 3.5 Sonnet,Llama3-8B,and Mixtral-7B.The three-stage architecture identification-extraction-tagging pipeline tackles important cybersecurity NER issues.Through effective architectures,these developments preserve deployability while setting a new standard for entity extraction in challenging security scenarios.The findings show how specific enhancements in hybrid recognition,validation procedures,and prompt engineering raise NER performance above monolithic LLM approaches in cybersecurity applications,especially for technical entity extraction fromheterogeneous sourceswhere conventional techniques fall short.Because of itsmodular nature,the framework can be upgraded at the component level as new methods are developed.
基金This work was supported by the National Research Foundation of Korea(NRF)grant funded by the Korea government(MSIT)(No.2021R1A2C2011391)and was supported by the Ajou University research fund.
文摘New technologies that take advantage of the emergence of massive Internet of Things(IoT)and a hyper-connected network environment have rapidly increased in recent years.These technologies are used in diverse environments,such as smart factories,digital healthcare,and smart grids,with increased security concerns.We intend to operate Security Orchestration,Automation and Response(SOAR)in various environments through new concept definitions as the need to detect and respond automatically to rapidly increasing security incidents without the intervention of security personnel has emerged.To facilitate the understanding of the security concern involved in this newly emerging area,we offer the definition of Internet of Blended Environment(IoBE)where various convergence environments are interconnected and the data analyzed in automation.We define Blended Threat(BT)as a security threat that exploits security vulnerabilities through various attack surfaces in the IoBE.We propose a novel SOAR-CUBE architecture to respond to security incidents with minimal human intervention by automating the BT response process.The Security Orchestration,Automation,and Response(SOAR)part of our architecture is used to link heterogeneous security technologies and the threat intelligence function that collects threat data and performs a correlation analysis of the data.SOAR is operated under Collaborative Units of Blended Environment(CUBE)which facilitates dynamic exchanges of data according to the environment applied to the IoBE by distributing and deploying security technologies for each BT type and dynamically combining them according to the cyber kill chain stage to minimize the damage and respond efficiently to BT.
文摘The constantly increasing degree and frequency of cyber threats require the emergence of flexible and intelligent approaches to systems’protection.Despite the calls for the use of artificial intelligence(AI)and machine learning(ML)in strengthening cyber security,there needs to be more literature on an integrated view of the application areas,open issues or trends in AI and ML for cyber security.Based on 90 studies,in the following literature review,the author categorizes and systematically analyzes the current research field to fill this gap.The review evidences that,in contrast to rigid rule-based systems that are static and specific to a given type of threat,AI and ML are more portable and effective in large-scale anomaly detection,malware classification,and prevention of phishing attacks by analyzing the data,learning the patterns,and improving the performance based on new data.Further,the study outlines significant themes,such as data quality,integration,and bias with AI/ML models,and underscores overcoming barriers to undertaking standard AI/ML integration.The contributions of this work are as follows:a thorough description of AI/ML applications in cyber security,discussions on the critical issues,and relevant opportunities and suggestions for future research.Consequently,the work contributes to establishing directions for creating and implementing AI/ML-based cyber security with demonstrable returns of technical solutions,organizational change,and ethicist interventions.
文摘In this paper,we present a WItness based Data priority mEchanism(WIDE)for vehicles in the vicinity of an accident to facilitate liability decisions.WIDE evaluates the integrity of data generated by these vehicles,called witnesses,in the event of an accident to assure the reliability of data to be used for making liability decisions and ensure that such data are received from credible witnesses.To achieve this,WIDE introduces a two-level integrity assessment to achieve end-to-end integrity by initially ascertaining the integrity of data-producing sensors,and validating that data generated have not been altered on transit by compromised road-side units(RSUs)by executing a practical byzantine fault tolerance(pBFT)protocol to reach consensus on data reliability.Furthermore,WIDE utilises a blockchain based reputation management system(BRMS)to ensure that only data from highly reputable witnesses are utilised as contributing evidence for facilitating liability decisions.Finally,we formally verify the proposed framework against data integrity requirements using the Automated Verification of Internet Security Protocols and Applications(AVISPA)with High-Level Protocol Specification Language(HLPSL).Qualitative arguments show that our proposed framework is secured against identified security attacks and assures the reliability of data utilised for making liability decisions,while quantitative evaluations demonstrate that our proposal is practical for fully autonomous vehicle forensics.
