Cyberattacks are difficult to prevent because the targeted companies and organizations are often relying on new and fundamentally insecure cloudbased technologies,such as the Internet of Things.With increasing industr...Cyberattacks are difficult to prevent because the targeted companies and organizations are often relying on new and fundamentally insecure cloudbased technologies,such as the Internet of Things.With increasing industry adoption and migration of traditional computing services to the cloud,one of the main challenges in cybersecurity is to provide mechanisms to secure these technologies.This work proposes a Data Security Framework for cloud computing services(CCS)that evaluates and improves CCS data security from a software engineering perspective by evaluating the levels of security within the cloud computing paradigm using engineering methods and techniques applied to CCS.This framework is developed by means of a methodology based on a heuristic theory that incorporates knowledge generated by existing works as well as the experience of their implementation.The paper presents the design details of the framework,which consists of three stages:identification of data security requirements,management of data security risks and evaluation of data security performance in CCS.展开更多
As technology and the internet develop,more data are generated every day.These data are in large sizes,high dimensions,and complex structures.The combination of these three features is the“Big Data”[1].Big data is r...As technology and the internet develop,more data are generated every day.These data are in large sizes,high dimensions,and complex structures.The combination of these three features is the“Big Data”[1].Big data is revolutionizing all industries,bringing colossal impacts to them[2].Many researchers have pointed out the huge impact that big data can have on our daily lives[3].We can utilize the information we obtain and help us make decisions.Also,the conclusions we drew from the big data we analyzed can be used as a prediction for the future,helping us to make more accurate and benign decisions earlier than others.If we apply these technics in finance,for example,in stock,we can get detailed information for stocks.Moreover,we can use the analyzed data to predict certain stocks.This can help people decide whether to buy a stock or not by providing predicted data for people at a certain convincing level,helping to protect them from potential losses.展开更多
As machine learning moves into high-risk and sensitive applications such as medical care,autonomous driving,and financial planning,how to interpret the predictions of the black-box model becomes the key to whether peo...As machine learning moves into high-risk and sensitive applications such as medical care,autonomous driving,and financial planning,how to interpret the predictions of the black-box model becomes the key to whether people can trust machine learning decisions.Interpretability relies on providing users with additional information or explanations to improve model transparency and help users understand model decisions.However,these information inevitably leads to the dataset or model into the risk of privacy leaks.We propose a strategy to reduce model privacy leakage for instance interpretability techniques.The following is the specific operation process.Firstly,the user inputs data into the model,and the model calculates the prediction confidence of the data provided by the user and gives the prediction results.Meanwhile,the model obtains the prediction confidence of the interpretation data set.Finally,the data with the smallest Euclidean distance between the confidence of the interpretation set and the prediction data as the explainable data.Experimental results show that The Euclidean distance between the confidence of interpretation data and the confidence of prediction data provided by this method is very small,which shows that the model's prediction of interpreted data is very similar to the model's prediction of user data.Finally,we demonstrate the accuracy of the explanatory data.We measure the matching degree between the real label and the predicted label of the interpreted data and the applicability to the network model.The results show that the interpretation method has high accuracy and wide applicability.展开更多
In a data-intensive environment,the ability to accurately identify and manage data risks is essential for maintaining cybersecurity,preventing potential threats,supporting decision-making,and enabling effective post-i...In a data-intensive environment,the ability to accurately identify and manage data risks is essential for maintaining cybersecurity,preventing potential threats,supporting decision-making,and enabling effective post-incident analysis.Existing approaches to data risk identification are typically structured around the stages of the data lifecycle,offering a broad perspective but often lacking alignment with the specific dynamics of business operations.This study proposes a data-driven framework for data risk identification that reflects practical business contexts.The framework incorporates 25 categorized risk sources and 13 defined risk-triggering events,using data analysis to examine their interactions and influence.The approach demonstrates strong alignment with documented risk incidents and effectively captures relevant risk factors across operational scenarios.The implementation of this framework enables organizations to identify critical risk points more precisely,enhance the accuracy and timeliness of risk response strategies,and strengthen data governance practices.It also facilitates more informed strategic planning and cross-functional coordination,contributing to improved resilience and operational efficiency.展开更多
文摘Cyberattacks are difficult to prevent because the targeted companies and organizations are often relying on new and fundamentally insecure cloudbased technologies,such as the Internet of Things.With increasing industry adoption and migration of traditional computing services to the cloud,one of the main challenges in cybersecurity is to provide mechanisms to secure these technologies.This work proposes a Data Security Framework for cloud computing services(CCS)that evaluates and improves CCS data security from a software engineering perspective by evaluating the levels of security within the cloud computing paradigm using engineering methods and techniques applied to CCS.This framework is developed by means of a methodology based on a heuristic theory that incorporates knowledge generated by existing works as well as the experience of their implementation.The paper presents the design details of the framework,which consists of three stages:identification of data security requirements,management of data security risks and evaluation of data security performance in CCS.
文摘As technology and the internet develop,more data are generated every day.These data are in large sizes,high dimensions,and complex structures.The combination of these three features is the“Big Data”[1].Big data is revolutionizing all industries,bringing colossal impacts to them[2].Many researchers have pointed out the huge impact that big data can have on our daily lives[3].We can utilize the information we obtain and help us make decisions.Also,the conclusions we drew from the big data we analyzed can be used as a prediction for the future,helping us to make more accurate and benign decisions earlier than others.If we apply these technics in finance,for example,in stock,we can get detailed information for stocks.Moreover,we can use the analyzed data to predict certain stocks.This can help people decide whether to buy a stock or not by providing predicted data for people at a certain convincing level,helping to protect them from potential losses.
基金This work is supported by the National Natural Science Foundation of China(Grant No.61966011)Hainan University Education and Teaching Reform Research Project(Grant No.HDJWJG01)+3 种基金Key Research and Development Program of Hainan Province(Grant No.ZDYF2020033)Young Talents’Science and Technology Innovation Project of Hainan Association for Science and Technology(Grant No.QCXM202007)Hainan Provincial Natural Science Foundation of China(Grant No.621RC612)Hainan Provincial Natural Science Foundation of China(Grant No.2019RC107).
文摘As machine learning moves into high-risk and sensitive applications such as medical care,autonomous driving,and financial planning,how to interpret the predictions of the black-box model becomes the key to whether people can trust machine learning decisions.Interpretability relies on providing users with additional information or explanations to improve model transparency and help users understand model decisions.However,these information inevitably leads to the dataset or model into the risk of privacy leaks.We propose a strategy to reduce model privacy leakage for instance interpretability techniques.The following is the specific operation process.Firstly,the user inputs data into the model,and the model calculates the prediction confidence of the data provided by the user and gives the prediction results.Meanwhile,the model obtains the prediction confidence of the interpretation data set.Finally,the data with the smallest Euclidean distance between the confidence of the interpretation set and the prediction data as the explainable data.Experimental results show that The Euclidean distance between the confidence of interpretation data and the confidence of prediction data provided by this method is very small,which shows that the model's prediction of interpreted data is very similar to the model's prediction of user data.Finally,we demonstrate the accuracy of the explanatory data.We measure the matching degree between the real label and the predicted label of the interpreted data and the applicability to the network model.The results show that the interpretation method has high accuracy and wide applicability.
基金supported by grants from the National Natural Science Foundation of China(T2293774,72571269,72201265)National Key Research and Development Program of China(2022YFC3321104)+2 种基金China Postdoctoral Science Foundation funded project(2023T160635,2022M723105)Fundamental Research Funds for the Central UniversitiesMOE Social Science Laboratory of Digital Economic Forecasts and Policy Simulation at the University of Chinese Academy of Sciences.
文摘In a data-intensive environment,the ability to accurately identify and manage data risks is essential for maintaining cybersecurity,preventing potential threats,supporting decision-making,and enabling effective post-incident analysis.Existing approaches to data risk identification are typically structured around the stages of the data lifecycle,offering a broad perspective but often lacking alignment with the specific dynamics of business operations.This study proposes a data-driven framework for data risk identification that reflects practical business contexts.The framework incorporates 25 categorized risk sources and 13 defined risk-triggering events,using data analysis to examine their interactions and influence.The approach demonstrates strong alignment with documented risk incidents and effectively captures relevant risk factors across operational scenarios.The implementation of this framework enables organizations to identify critical risk points more precisely,enhance the accuracy and timeliness of risk response strategies,and strengthen data governance practices.It also facilitates more informed strategic planning and cross-functional coordination,contributing to improved resilience and operational efficiency.
