Vulnerabilities are a known problem in modern Open Source Software (OSS). Most developers often rely on third-party libraries to accelerate feature implementation. However, these libraries may contain vulnerabilities that attackers can exploit to propagate malicious code, posing security risks to dependent projects. Existing research addresses these challenges through Software Composition Analysis (SCA) for vulnerability detection and remediation. Nevertheless, current solutions may introduce additional issues, such as incompatibilities, dependency conflicts, and additional vulnerabilities. To address this, we propose Vulnerability Scan and Protection (VulnScanPro), a robust solution for detection and remediation of vulnerabilities in Java projects. Specifically, VulnScanPro builds a fine-grained method graph to identify unreachable methods. The method graph is mapped to the project’s dependency tree, constructing a comprehensive vulnerability propagation graph that identifies unreachable vulnerable APIs and dependencies. Based on this analysis, we propose three solutions for vulnerability remediation: (1) Removing unreachable vulnerable dependencies, thereby resolving security risks and reducing maintenance overhead. (2) Upgrading vulnerable dependencies to the closest non-vulnerable versions, while pinning the versions of transitive dependencies introduced by the vulnerable dependency, in order to mitigate compatibility issues and prevent the introduction of new vulnerabilities. (3) Eliminating unreachable vulnerable APIs, particularly when security patches are either incompatible or absent. Experimental results show that these solutions effectively mitigate vulnerabilities and enhance the overall security of the project.
This review examines human vulnerabilities in cybersecurity within Microfinance Institutions, analyzing their impact on organizational resilience. Focusing on social engineering, inadequate security training, and weak internal protocols, the study identifies key vulnerabilities exacerbating cyber threats to MFIs. A literature review using databases like IEEE Xplore and Google Scholar focused on studies from 2019 to 2023 addressing human factors in cybersecurity specific to MFIs. Analysis of 57 studies reveals that phishing and insider threats are predominant, with a 20% annual increase in phishing attempts. Employee susceptibility to these attacks is heightened by insufficient training, with entry-level employees showing the highest vulnerability rates. Further, only 35% of MFIs offer regular cybersecurity training, significantly impacting incident reduction. This paper recommends enhanced training frequency, robust internal controls, and a cybersecurity-aware culture to mitigate human-induced cyber risks in MFIs.
With the rapid proliferation of Internet of Things (IoT) devices, ensuring their communication security has become increasingly important. Blockchain and smart contract technologies, with their decentralized nature, provide strong security guarantees for IoT. However, at the same time, smart contracts themselves face numerous security challenges, among which reentrancy vulnerabilities are particularly prominent. Existing detection tools for reentrancy vulnerabilities often suffer from high false positive and false negative rates due to their reliance on identifying patterns related to specific transfer functions. To address these limitations, this paper proposes a novel detection method that combines pattern matching with deep learning. Specifically, we carefully identify and define three common patterns of reentrancy vulnerabilities in smart contracts. Then, we extract key vulnerability features based on these patterns. Furthermore, we employ a Graph Attention Neural Network to extract graph embedding features from the contract graph, capturing the complex relationships between different components of the contract. Finally, we use an attention mechanism to fuse these two sets of feature information, enhancing the weights of effective information and suppressing irrelevant information, thereby significantly improving the accuracy and robustness of vulnerability detection. Experimental results demonstrate that our proposed method outperforms existing state-of-the-art techniques, achieving a 3.88% improvement in accuracy compared to the latest vulnerability detection model AME (Attentive Multi-Encoder Network). This indicates that our method effectively reduces false positives and false negatives, significantly enhancing the security and reliability of smart contracts in the evolving IoT ecosystem.
Coral reefs worldwide are losing their species diversity and ecosystem function under threats from global warming and anthropogenic activities. In this study, we investigated the diversity and current state of scleractinian corals surrounding the Qizhou Archipelago. A total of 87 species of scleractinian corals, belonging to 29 genera and 12 families, were found across ten survey sites. The family Merulinidae exhibited the highest species richness (39 species and 12 genera), followed by Acroporidae (15 species and 3 genera). The living coral coverage was 16.9%±10.3% (mean±SD) and ranged from 4.6% to 35.1%, which varied significantly. Massive corals such as Porites lutea, Porites lobata, Montipora nodosa, and Favites abdita were dominant species. The recruitment rate of coral larvae was (1.20±0.97) ind/m^(2) (mean±SD). In addition, we constructed an ecological vulnerability assessment system and evaluated the ecological vulnerability of scleractinian corals surrounding the Qizhou Archipelago. The results showed that scleractinian corals at Gouluanpaoshi (GLPS) and Duifan (DF) were highly vulnerable, whereas those on other islands had low to medium vulnerability. In general, the scleractinian corals surrounding the Qizhou Archipelago show low to medium levels of ecological vulnerability. Identifying severely afflicted areas and developing effective methods to manage coral reefs in these regions are crucial.
Since the advent of smart contracts, security vulnerabilities have remained a persistent challenge, compromising both the reliability of contract execution and the overall stability of the virtual currency market. Consequently, the academic community has devoted increasing attention to these security risks. However, conventional approaches to vulnerability detection frequently exhibit limited accuracy. To address this limitation, the present study introduces a novel vulnerability detection framework called GNNSE that integrates symbolic execution with graph neural networks (GNNs). The proposed method first constructs semantic graphs to comprehensively capture the control flow and data flow dependencies within smart contracts. These graphs are subsequently processed using GNNs to efficiently identify contracts with a high likelihood of vulnerabilities. For these high-risk contracts, symbolic execution is employed to perform fine-grained, path-level analysis, thereby improving overall detection precision. Experimental results on a dataset comprising 10,079 contracts demonstrate that the proposed method achieves detection precisions of 93.58% for reentrancy vulnerabilities and 92.73% for timestamp-dependent vulnerabilities.
The Gabes aquifer system, located in southeastern Tunisia, is a crucial resource for supporting local socio-economic activities. Due to its dual porosity structure, is particularly vulnerable to pollution. This study aims to develop a hybrid model that combines the Fracture Aquifer Index (FAI) with the conventional GOD (Groundwater occurrence, Overall lithology, Depth to water table) method, to assess groundwater vulnerability in fractured aquifer. To develop the hybrid model, the classical GOD method was integrated with FAI to produce a single composite index. Each parameter within both GOD and FAI was scored, and a final index was calculated to delineate vulnerable areas. The results show that the study area can be classified into four vulnerability levels: Very low, low, moderate, and high, indicating that approximately 8% of the area exhibits very low vulnerability, 29% has low vulnerability, 25% falls into the moderate category, and 38% is considered highly vulnerable. The FAI-GOD model further incorporates fracture network characteristics. This refinement reduces the classification to three vulnerability classes: Low, medium, and high. The outcomes demonstrate that 46% of the area is highly vulnerable due to a dense concentration of fractures, while 17% represents an intermediate zone characterized by either shallow or deeper fractures. In contrast, 37% corresponds to areas with lightly fractured rock, where the impact on vulnerability is minimal. Multivariate statistical analysis was employed using Principal Components Analysis (PCA) and Hierarchical Cluster Analysis (HCA) on 24 samples across six variables. The first three components account for over 76% of the total variance, reinforcing the significance of fracture dynamics in classifying vulnerability levels. The FAI-GOD model removes the very-low-vulnerability class and expands the spatial extent of low- and high-vulnerability zones, reflecting the dominant influence of fracture networks on aquifer sensitivity. While both indices use a five-class system, FAI-GOD redistributes vulnerability by eliminating very-low-vulnerability areas and amplifying low/high categories, highlighting the critical role of fractures. A strong correlation (R2=0.94) between the GOD and FAI-GOD indices, demonstrated through second-order polynomial regression, confirms the robustness of the FAI-GOD model in accurately predicting vulnerability to pollution. This model provides a useful framework for assessing the vulnerability of complex aquifers and serves as a decision-making tool for groundwater managers in similar areas.
As artificial Intelligence (AI) continues to expand exponentially, particularly with the emergence of generative pre-trained transformers (GPT) based on a transformer’s architecture, which has revolutionized data processing and enabled significant improvements in various applications. This document seeks to investigate the security vulnerabilities detection in the source code using a range of large language models (LLM). Our primary objective is to evaluate the effectiveness of Static Application Security Testing (SAST) by applying various techniques such as prompt persona, structure outputs and zero-shot. To the selection of the LLMs (CodeLlama 7B, DeepSeek coder 7B, Gemini 1.5 Flash, Gemini 2.0 Flash, Mistral 7b Instruct, Phi 38b Mini 128K instruct, Qwen 2.5 coder, StartCoder 27B) with comparison and combination with Find Security Bugs. The evaluation method will involve using a selected dataset containing vulnerabilities, and the results to provide insights for different scenarios according to the software criticality (Business critical, non-critical, minimum effort, best effort). In detail, the main objectives of this study are to investigate if large language models outperform or exceed the capabilities of traditional static analysis tools, if the combining LLMs with Static Application Security Testing (SAST) tools lead to an improvement and the possibility that local machine learning models on a normal computer produce reliable results. Summarizing the most important conclusions of the research, it can be said that while it is true that the results have improved depending on the size of the LLM for business-critical software, the best results have been obtained by SAST analysis. This differs in “NonCritical,” “Best Effort,” and “Minimum Effort” scenarios, where the combination of LLM (Gemini) + SAST has obtained better results.
Background: Exposure to environmental vulnerability poses significant threats to adolescent suicidal ideation, while individual resilience can mitigate these adverse effects with notable gender commonalities and differences. However, research examining how these factors co-configure at the individual level remains limited, particularly from a gender-specific perspective. Thus, the present study aims to adopt a person-centered analytic approach to identify gender-specific configurations of environmental vulnerability and individual resilience associated with suicidal ideation among Chinese adolescents. Methods: Data were collected from 2616 Chinese primary and secondary school students (aged 10–17; 1223 girls). Participants completed validated scales measuring environmental vulnerability, individual resilience, and suicidal ideation. Latent profile analysis (LPA) was conducted separately by gender. Results: Gender differences were prominent: males exhibited higher resilience and lower suicidal ideation, while females reported higher environmental vulnerability and elevated levels of suicidal ideation. LPA identified three distinct profiles for males: Low Vulnerable–High Protective–Low Risk (LHL), Medium Vulnerable–Low Protective–Low Risk (MLL), and High Vulnerable–Low Protective–High Risk (HLH). Four profiles emerged for females: LHL, MLL, Medium Vulnerable–Low Protective–Medium Risk (MLM), and HLH. Crucially, within the HLH profile, males exhibited particularly deficient humor (η^(2)=0.19) and confidence (η^(2)=0.16), while females formed a distinct subgroup characterized by severe academic and family stressors (η^(2)=0.30–0.36). Conclusion: The study underscores developing gender-specific mental health interventions using a nuanced, person-centered approach that considers both environmental risk and individual resilience factors, which allows for targeted suicide prevention strategies addressing the unique needs of male and female adolescents.
Rheumatoid arthritis (RA) patients face significant psychological challenges alongside physical symptoms, necessitating a comprehensive understanding of how psychological vulnerability and adaptation patterns evolve throughout the disease course. This review examined 95 studies (2000-2025) from PubMed, Web of Science, and CNKI databases including longitudinal cohorts, randomized controlled trials, and mixed-methods research, to characterize the complex interplay between biological, psychological, and social factors affecting RA patients’ mental health. Findings revealed three distinct vulnerability trajectories (45% persistently low, 30% fluctuating improvement, 25% persistently high) and four adaptation stages, with critical intervention periods occurring 3-6 months postdiagnosis and during disease flares. Multiple factors significantly influence psychological outcomes, including gender (females showing 1.8-fold increased risk), age (younger patients experiencing 42% higher vulnerability), pain intensity, inflammatory markers, and neuroendocrine dysregulation (48% showing cortisol rhythm disruption). Early psychological intervention (within 3 months of diagnosis) demonstrated robust benefits, reducing depression incidence by 42% with effects persisting 24-36 months, while different modalities showed complementary advantages: Cognitive behavioral therapy for depression (Cohen’s d=0.68), mindfulness for pain acceptance (38% improvement), and peer support for meaning reconstruction (25.6% increase). These findings underscore the importance of integrating routine psychological assessment into standard RA care, developing stage-appropriate interventions, and advancing research toward personalized biopsychosocial approaches that address the dynamic psychological dimensions of the disease.
The increasing electrification of urban transportation, i.e., subways and electric vehicles (EV), brings more interactions between the power system and transportation system and further results in fault propagation across them. To analyze vulnerability of the coupling system under extreme events, this paper establishes a multi-layer urban electric-transportation interdependent network (ETIN) model. First, a weighted coupled metro-road traffic network (CTN) model and network path planning approach are proposed. A prospect theory-based failure load redistribution (FLR) method is further established to account for uncertainty of TN link capacity affected by power supply. Second, topology and emergency control strategy of power network (PN) are modeled, followed by formulation of multi-layer ETIN model. In particular, the inter-layer fault propagation from PN to TN is modeled based on power supply correlation strength, while from TN to PN is modeled based on traffic flow. A few indexes are then defined to quantify vulnerability of ETIN under deliberate attack. Finally, the proposed method is verified on an electric-transportation system to show influence of fault propagations within ETIN on its vulnerability under extreme events.
Global climate change is intensifying the impact of slope hazards, particularly rainfall-induced landslide hazards (RILH), on mountain road networks (MRNs). However, effective quantitative models for dynamically assessing MRNs vulnerability under RILH disturbances are still lacking. To bridge this gap, this study develops a Cascading Failure Model for Rainfall-Induced Landslide Hazard (CFM-RILH). Validation via a case study of the Garzê Tibetan Autonomous Prefecture Road Network (GTPRNs) reveals key characteristics of MRNs system vulnerability under RILH disturbances: (1) Under the disturbance effects of RILH, the vulnerability of the MRNs system follows a nonlinear phase transition law that intensifies with increasing disturbance intensity, exhibiting a distinct critical threshold. When the disturbance intensity exceeds this threshold, the system undergoes a global cascading failure phenomenon analogous to an “avalanche.” (2) Under RILH disturbances, the robustness of the MRNs system possesses a distinct safety boundary. Exceeding this boundary not only fails to improve hazard resistance but instead substantially elevates the risk of large-scale cascading failure. (3) Increasing network redundancy may be considered one of the primary engineering measures for enhancing MRNs resilience against such disturbances. Based on these findings, we propose a “Two-Stage Emergency Response and Hierarchical Fortification” strategy specifically to improve the resilience of GTPRNs impacted by RILH. The CFM-RILH model provides an effective tool for assessing road network vulnerability under such hazards. Furthermore, its modeling framework can also inform vulnerability assessment and resilience strategy development for road networks affected by other types of slope hazards.
In the context of modern software development characterized by increasing complexity and compressed development cycles, traditional static vulnerability detection methods face prominent challenges including high false positive rates and missed detections of complex logic due to their over-reliance on rule templates. This paper proposes a Syntax-Aware Hierarchical Attention Network (SAHAN) model, which achieves high-precision vulnerability detection through grammar-rule-driven multi-granularity code slicing and hierarchical semantic fusion mechanisms. The SAHAN model first generates Syntax Independent Units (SIUs), which slices the code based on Abstract Syntax Tree (AST) and predefined grammar rules, retaining vulnerability-sensitive contexts. Following this, through a hierarchical attention mechanism, the local syntax-aware layer encodes fine-grained patterns within SIUs, while the global semantic correlation layer captures vulnerability chains across SIUs, achieving synergistic modeling of syntax and semantics. Experiments show that on benchmark datasets like QEMU, SAHAN significantly improves detection performance by 4.8% to 13.1% on average compared to baseline models such as Devign and VulDeePecker.
Background: Frailty is common and significantly impacts prognosis in heart failure (HF). The Vulnerable Elders Survey-13 (VES-13), widely used in oncogeriatrics and public health, remains unexplored as a frailty screening tool in HF outpatients. In this study, we prospectively evaluated VES-13 against a multimodal screening assessment in detecting frailty and predicting individual risk of adverse prognosis. Methods: Frailty was assessed at the initial visit using both a multimodal approach, incorporating Barthel Index, Older American Resources and Services scale, Pfeiffer Test, abbreviated Geriatric Depression Scale, age > 85 years, lacking support systems, and VES-13. Patients scoring ≥ 3 on VES-13 or meeting at least one multimodal criterion were classified as frail. Endpoints included all-cause mortality, a composite of death or HF hospitalization, and recurrent HF hospitalizations. Results: A total of 301 patients were evaluated. VES-13 identified 40.2% as frail and the multimodal assessment 33.2%. In Cox regression analyses, frailty identified by VES-13 showed greater prognostic significance than the multimodal assessment for all-cause mortality (HR = 3.70 [2.15–6.33], P < 0.001 vs. 2.40 [1.46–4.0], P = 0.001) and the composite endpoint (HR = 3.13 [2.02–4.84], P < 0.001 vs. 1.96 [1.28–2.99], P = 0.002). Recurrent HF hospitalizations were four times more frequent in VES-13 frail patients while two times in those identified as frail by the multimodal assessment. Additionally, stratifying patients by VES-13 tertiles provided robust risk differentiation. Conclusions: VES-13, a simple frailty tool, outperformed a comprehensive multimodal assessment and could be easily integrated into routine HF care, highlighting its clinical utility in identifying patients at risk for poor outcomes.
Graph neural networks (GNNs) have shown notable success in identifying security vulnerabilities within Ethereum smart contracts by capturing structural relationships encoded in control- and data-flow graphs. Despite their effectiveness, most GNN-based vulnerability detectors operate as black boxes, making their decisions difficult to interpret and thus less suitable for critical security auditing. The information bottleneck (IB) principle provides a theoretical framework for isolating task-relevant graph components. However, existing IB-based implementations often encounter unstable optimization and limited understanding of code semantics. To address these issues, we introduce ContractGIB, an interpretable graph information bottleneck framework for function-level vulnerability analysis. ContractGIB introduces three main advances. First, ContractGIB introduces a Hilbert–Schmidt Independence Criterion (HSIC) based estimator that provides stable dependence measurement. Second, it incorporates a CodeBERT semantic module to improve node representations. Third, it initializes all nodes with pretrained CodeBERT embeddings, removing the need for hand-crafted features. For each contract function, ContractGIB identifies the most informative nodes forming an instance-specific explanatory subgraph that supports the model’s prediction. Comprehensive experiments on public smart contract datasets, including ESC and VSC, demonstrate that ContractGIB achieves superior performance compared to competitive GNN baselines, while offering clearer, instance-level interpretability.
Ethernet-based Passive Optical Network (EPON) is considered a very promising solution for the first mile problem of the next generation networks. Due to its particular characteristic of shared media structure, EPON suffers many security vulnerabilities. Communication security must be guaranteed when EPON is applied in practice. This paper gives a general introduction to the EPON system, analyzes the potential threats and attacks pertaining to the EPON system, and presents effective countermeasures against these threats and attacks with emphasis on the authentication protocols and key distribution.
The present study focuses on the impacts of extreme drought and flooding situations in Amazonia, using level/discharge data from some rivers in the Amazon region as indicators of impacts. The last 10 years have featured various “once in a century” droughts and floods in the Amazon basin, which have affected human and natural systems in the region. We assess a history of such hazards based on river data, and discuss some of the observed impacts in terms of vulnerability of human and natural systems, as well as some of adaptation strategies implemented by regional and local governments to cope with them. A critical perspective of mitigation of drought and flood policies in Amazonia suggests that they have been mostly ineffective in reducing vulnerability for the majority of the population, constituting, perhaps, examples of maladaptation via the undermining of resilience.
In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development process, or the use of a software development model that does not consider security as a key factor. Therefore, this systematic literature review is conducted to investigate the various security vulnerabilities used to secure the web application layer, the security approaches or techniques used in the process, the stages in the software development in which the approaches or techniques are emphasized, and the tools and mechanisms used to detect vulnerabilities. The study extracted 519 publications from respectable scientific sources, i.e. the IEEE Computer Society, ACM Digital Library, Science Direct, Springer Link. After detailed review process, only 56 key primary studies were considered for this review based on defined inclusion and exclusion criteria. From the review, it appears that no one software is referred to as a standard or preferred software product for web application development. In our SLR, we have performed a deep analysis on web application security vulnerabilities detection methods which help us to identify the scope of SLR for comprehensively investigation in the future research. Further in this SLR considering OWASP Top 10 web application vulnerabilities discovered in 2012, we will attempt to categories the accessible vulnerabilities. OWASP is major source to construct and validate web security processes and standards.
To detect security vulnerabilities in a web application, the security analyst must choose the best performance Security Analysis Static Tool (SAST) in terms of discovering the greatest number of security vulnerabilities as possible. To compare static analysis tools for web applications, an adapted benchmark to the vulnerability categories included in the known standard Open Web Application Security Project (OWASP) Top Ten project is required. The information of the security effectiveness of a commercial static analysis tool is not usually a publicly accessible research and the state of the art on static security tool analyzers shows that the different design and implementation of those tools has different effectiveness rates in terms of security performance. Given the significant cost of commercial tools, this paper studies the performance of seven static tools using a new methodology proposal and a new benchmark designed for vulnerability categories included in the known standard OWASP Top Ten project. Thus, the practitioners will have more precise information to select the best tool using a benchmark adapted to the last versions of OWASP Top Ten project. The results of this work have been obtaining using widely acceptable metrics to classify them according to three different degree of web application criticality.
The Ethiopian Electric Power (EEP) has been operating and managing the national interconnected power system with dispersed and geographically isolated generators, a complex transmission system and loads. In recent years, with an increasing load demand due to rural electrification and industrialization, the Ethiopian power system has faced more frequent, widely spread and long lasting blackouts. To slash the occurrence of such incidents, identifying the system vulnerabilities is the first step in this direction. In this paper, the vulnerability assessment is performed using indices called active power performance index (PIp) and voltage performance index (PIv). These indices provide a direct means of comparing the relative severity of the different line outages on the system loads and voltage profiles. Accordingly, it is found that the most severe line outages are those lines that interconnect the high load centered (Addis Ababa and Central regions) with the rest of the regional power systems. In addition, the most vulnerable buses of the network in respect of voltage limit violations are mainly found at the high load centers.
Cyberattacks on the Industrial Control System(ICS)have recently been increasing,made more intelligent by advancing technologies.As such,cybersecurity for such systems is attracting attention.As a core element of contr...Cyberattacks on the Industrial Control System(ICS)have recently been increasing,made more intelligent by advancing technologies.As such,cybersecurity for such systems is attracting attention.As a core element of control devices,the Programmable Logic Controller(PLC)in an ICS carries out on-site control over the ICS.A cyberattack on the PLC will cause damages on the overall ICS,with Stuxnet and Duqu as the most representative cases.Thus,cybersecurity for PLCs is considered essential,and many researchers carry out a variety of analyses on the vulnerabilities of PLCs as part of preemptive efforts against attacks.In this study,a vulnerability analysis was conducted on the XGB PLC.Security vulnerabilities were identified by analyzing the network protocols and memory structure of PLCs and were utilized to launch replay attack,memory modulation attack,and FTP/Web service account theft for the verification of the results.Based on the results,the attacks were proven to be able to cause the PLC to malfunction and disable it,and the identified vulnerabilities were defined.展开更多
Funding: supported by the National Natural Science Foundation of China (Grant No. 62141210); the Fundamental Research Funds for the Central Universities (Grant No. N2217005); Open Fund of State Key Lab. for Novel Software Technology, Nanjing University (KFKT2021B01); 111 Project (B16009).
Abstract: Vulnerabilities are a known problem in modern Open Source Software (OSS). Most developers often rely on third-party libraries to accelerate feature implementation. However, these libraries may contain vulnerabilities that attackers can exploit to propagate malicious code, posing security risks to dependent projects. Existing research addresses these challenges through Software Composition Analysis (SCA) for vulnerability detection and remediation. Nevertheless, current solutions may introduce additional issues, such as incompatibilities, dependency conflicts, and additional vulnerabilities. To address this, we propose Vulnerability Scan and Protection (VulnScanPro), a robust solution for the detection and remediation of vulnerabilities in Java projects. Specifically, VulnScanPro builds a fine-grained method graph to identify unreachable methods. The method graph is mapped to the project’s dependency tree, constructing a comprehensive vulnerability propagation graph that identifies unreachable vulnerable APIs and dependencies. Based on this analysis, we propose three solutions for vulnerability remediation: (1) Removing unreachable vulnerable dependencies, thereby resolving security risks and reducing maintenance overhead. (2) Upgrading vulnerable dependencies to the closest non-vulnerable versions, while pinning the versions of transitive dependencies introduced by the vulnerable dependency, in order to mitigate compatibility issues and prevent the introduction of new vulnerabilities. (3) Eliminating unreachable vulnerable APIs, particularly when security patches are either incompatible or absent. Experimental results show that these solutions effectively mitigate vulnerabilities and enhance the overall security of the project.
Abstract: This review examines human vulnerabilities in cybersecurity within Microfinance Institutions, analyzing their impact on organizational resilience. Focusing on social engineering, inadequate security training, and weak internal protocols, the study identifies key vulnerabilities exacerbating cyber threats to MFIs. A literature review using databases like IEEE Xplore and Google Scholar focused on studies from 2019 to 2023 addressing human factors in cybersecurity specific to MFIs. Analysis of 57 studies reveals that phishing and insider threats are predominant, with a 20% annual increase in phishing attempts. Employee susceptibility to these attacks is heightened by insufficient training, with entry-level employees showing the highest vulnerability rates. Further, only 35% of MFIs offer regular cybersecurity training, significantly impacting incident reduction. This paper recommends enhanced training frequency, robust internal controls, and a cybersecurity-aware culture to mitigate human-induced cyber risks in MFIs.
Funding: supported by the Higher Education Research Project of Jilin Province: JGJX24C118; the National Defense Basic Scientific Research Program of China (No. JCKY2023602C026).
Abstract: With the rapid proliferation of Internet of Things (IoT) devices, ensuring their communication security has become increasingly important. Blockchain and smart contract technologies, with their decentralized nature, provide strong security guarantees for IoT. However, at the same time, smart contracts themselves face numerous security challenges, among which reentrancy vulnerabilities are particularly prominent. Existing detection tools for reentrancy vulnerabilities often suffer from high false positive and false negative rates due to their reliance on identifying patterns related to specific transfer functions. To address these limitations, this paper proposes a novel detection method that combines pattern matching with deep learning. Specifically, we carefully identify and define three common patterns of reentrancy vulnerabilities in smart contracts. Then, we extract key vulnerability features based on these patterns. Furthermore, we employ a Graph Attention Neural Network to extract graph embedding features from the contract graph, capturing the complex relationships between different components of the contract. Finally, we use an attention mechanism to fuse these two sets of feature information, enhancing the weights of effective information and suppressing irrelevant information, thereby significantly improving the accuracy and robustness of vulnerability detection. Experimental results demonstrate that our proposed method outperforms existing state-of-the-art techniques, achieving a 3.88% improvement in accuracy compared to the latest vulnerability detection model AME (Attentive Multi-Encoder Network). This indicates that our method effectively reduces false positives and false negatives, significantly enhancing the security and reliability of smart contracts in the evolving IoT ecosystem.
Funding: funded by the Scientific Research Foundation of Third Institute of Oceanography, Ministry of Natural Resources (Nos. 2022024 and 2020006); the National Natural Science Foundation of China (No. 42106143).
Abstract: Coral reefs worldwide are losing their species diversity and ecosystem function under threats from global warming and anthropogenic activities. In this study, we investigated the diversity and current state of scleractinian corals surrounding the Qizhou Archipelago. A total of 87 species of scleractinian corals, belonging to 29 genera and 12 families, were found across ten survey sites. The family Merulinidae exhibited the highest species richness (39 species and 12 genera), followed by Acroporidae (15 species and 3 genera). The living coral coverage was 16.9% ± 10.3% (mean ± SD) and ranged from 4.6% to 35.1%, which varied significantly. Massive corals such as Porites lutea, Porites lobata, Montipora nodosa, and Favites abdita were dominant species. The recruitment rate of coral larvae was (1.20 ± 0.97) ind/m² (mean ± SD). In addition, we constructed an ecological vulnerability assessment system and evaluated the ecological vulnerability of scleractinian corals surrounding the Qizhou Archipelago. The results showed that scleractinian corals at Gouluanpaoshi (GLPS) and Duifan (DF) were highly vulnerable, whereas those on other islands had low to medium vulnerability. In general, the scleractinian corals surrounding the Qizhou Archipelago show low to medium levels of ecological vulnerability. Identifying severely afflicted areas and developing effective methods to manage coral reefs in these regions are crucial.
Funding: supported by the National Key Research and Development Program of China (2020YFB1005704).
Abstract: Since the advent of smart contracts, security vulnerabilities have remained a persistent challenge, compromising both the reliability of contract execution and the overall stability of the virtual currency market. Consequently, the academic community has devoted increasing attention to these security risks. However, conventional approaches to vulnerability detection frequently exhibit limited accuracy. To address this limitation, the present study introduces a novel vulnerability detection framework called GNNSE that integrates symbolic execution with graph neural networks (GNNs). The proposed method first constructs semantic graphs to comprehensively capture the control flow and data flow dependencies within smart contracts. These graphs are subsequently processed using GNNs to efficiently identify contracts with a high likelihood of vulnerabilities. For these high-risk contracts, symbolic execution is employed to perform fine-grained, path-level analysis, thereby improving overall detection precision. Experimental results on a dataset comprising 10,079 contracts demonstrate that the proposed method achieves detection precisions of 93.58% for reentrancy vulnerabilities and 92.73% for timestamp-dependent vulnerabilities.
Abstract: The Gabes aquifer system, located in southeastern Tunisia, is a crucial resource for supporting local socio-economic activities. Due to its dual porosity structure, it is particularly vulnerable to pollution. This study aims to develop a hybrid model that combines the Fracture Aquifer Index (FAI) with the conventional GOD (Groundwater occurrence, Overall lithology, Depth to water table) method, to assess groundwater vulnerability in fractured aquifer. To develop the hybrid model, the classical GOD method was integrated with FAI to produce a single composite index. Each parameter within both GOD and FAI was scored, and a final index was calculated to delineate vulnerable areas. The results show that the study area can be classified into four vulnerability levels: Very low, low, moderate, and high, indicating that approximately 8% of the area exhibits very low vulnerability, 29% has low vulnerability, 25% falls into the moderate category, and 38% is considered highly vulnerable. The FAI-GOD model further incorporates fracture network characteristics. This refinement reduces the classification to three vulnerability classes: Low, medium, and high. The outcomes demonstrate that 46% of the area is highly vulnerable due to a dense concentration of fractures, while 17% represents an intermediate zone characterized by either shallow or deeper fractures. In contrast, 37% corresponds to areas with lightly fractured rock, where the impact on vulnerability is minimal. Multivariate statistical analysis was employed using Principal Components Analysis (PCA) and Hierarchical Cluster Analysis (HCA) on 24 samples across six variables. The first three components account for over 76% of the total variance, reinforcing the significance of fracture dynamics in classifying vulnerability levels. The FAI-GOD model removes the very-low-vulnerability class and expands the spatial extent of low- and high-vulnerability zones, reflecting the dominant influence of fracture networks on aquifer sensitivity. While both indices use a five-class system, FAI-GOD redistributes vulnerability by eliminating very-low-vulnerability areas and amplifying low/high categories, highlighting the critical role of fractures. A strong correlation (R² = 0.94) between the GOD and FAI-GOD indices, demonstrated through second-order polynomial regression, confirms the robustness of the FAI-GOD model in accurately predicting vulnerability to pollution. This model provides a useful framework for assessing the vulnerability of complex aquifers and serves as a decision-making tool for groundwater managers in similar areas.
Abstract: As artificial Intelligence (AI) continues to expand exponentially, particularly with the emergence of generative pre-trained transformers (GPT) based on a transformer’s architecture, which has revolutionized data processing and enabled significant improvements in various applications. This document seeks to investigate the security vulnerabilities detection in the source code using a range of large language models (LLM). Our primary objective is to evaluate the effectiveness of Static Application Security Testing (SAST) by applying various techniques such as prompt persona, structure outputs and zero-shot. To the selection of the LLMs (CodeLlama 7B, DeepSeek coder 7B, Gemini 1.5 Flash, Gemini 2.0 Flash, Mistral 7b Instruct, Phi 38b Mini 128K instruct, Qwen 2.5 coder, StartCoder 27B) with comparison and combination with Find Security Bugs. The evaluation method will involve using a selected dataset containing vulnerabilities, and the results to provide insights for different scenarios according to the software criticality (Business critical, non-critical, minimum effort, best effort). In detail, the main objectives of this study are to investigate if large language models outperform or exceed the capabilities of traditional static analysis tools, if the combining LLMs with Static Application Security Testing (SAST) tools lead to an improvement and the possibility that local machine learning models on a normal computer produce reliable results. Summarizing the most important conclusions of the research, it can be said that while it is true that the results have improved depending on the size of the LLM for business-critical software, the best results have been obtained by SAST analysis. This differs in “NonCritical,” “Best Effort,” and “Minimum Effort” scenarios, where the combination of LLM (Gemini) + SAST has obtained better results.
Funding: supported by the Major Planning Project of Philosophy and Social Science of Guangdong Province (GD23ZD17); the Humanities and Social Sciences Program of the Ministry of Education (23YJA190006); the Ministry of Education (MOE) Major Project of Philosophy and Social Sciences Research (2025JZDZ024); the MOE Project of the Key Research Institute of Humanities and Social Sciences in Universities (22JJD190008); a grant from the Research Center for Brain Cognition and Human Development of Guangdong (2024B0303390003); the Psychological Services and Counseling Base for the Happy Guangzhou Project.
Abstract: Background: Exposure to environmental vulnerability poses significant threats to adolescent suicidal ideation, while individual resilience can mitigate these adverse effects with notable gender commonalities and differences. However, research examining how these factors co-configure at the individual level remains limited, particularly from a gender-specific perspective. Thus, the present study aims to adopt a person-centered analytic approach to identify gender-specific configurations of environmental vulnerability and individual resilience associated with suicidal ideation among Chinese adolescents. Methods: Data were collected from 2616 Chinese primary and secondary school students (aged 10–17; 1223 girls). Participants completed validated scales measuring environmental vulnerability, individual resilience, and suicidal ideation. Latent profile analysis (LPA) was conducted separately by gender. Results: Gender differences were prominent: males exhibited higher resilience and lower suicidal ideation, while females reported higher environmental vulnerability and elevated levels of suicidal ideation. LPA identified three distinct profiles for males: Low Vulnerable–High Protective–Low Risk (LHL), Medium Vulnerable–Low Protective–Low Risk (MLL), and High Vulnerable–Low Protective–High Risk (HLH). Four profiles emerged for females: LHL, MLL, Medium Vulnerable–Low Protective–Medium Risk (MLM), and HLH. Crucially, within the HLH profile, males exhibited particularly deficient humor (η² = 0.19) and confidence (η² = 0.16), while females formed a distinct subgroup characterized by severe academic and family stressors (η² = 0.30–0.36). Conclusion: The study underscores developing gender-specific mental health interventions using a nuanced, person-centered approach that considers both environmental risk and individual resilience factors, which allows for targeted suicide prevention strategies addressing the unique needs of male and female adolescents.
Funding: Supported by Chongqing Health Commission and Chongqing Science and Technology Bureau, No. 2023MSXM182.
Abstract: Rheumatoid arthritis (RA) patients face significant psychological challenges alongside physical symptoms, necessitating a comprehensive understanding of how psychological vulnerability and adaptation patterns evolve throughout the disease course. This review examined 95 studies (2000-2025) from PubMed, Web of Science, and CNKI databases including longitudinal cohorts, randomized controlled trials, and mixed-methods research, to characterize the complex interplay between biological, psychological, and social factors affecting RA patients’ mental health. Findings revealed three distinct vulnerability trajectories (45% persistently low, 30% fluctuating improvement, 25% persistently high) and four adaptation stages, with critical intervention periods occurring 3-6 months post-diagnosis and during disease flares. Multiple factors significantly influence psychological outcomes, including gender (females showing 1.8-fold increased risk), age (younger patients experiencing 42% higher vulnerability), pain intensity, inflammatory markers, and neuroendocrine dysregulation (48% showing cortisol rhythm disruption). Early psychological intervention (within 3 months of diagnosis) demonstrated robust benefits, reducing depression incidence by 42% with effects persisting 24-36 months, while different modalities showed complementary advantages: Cognitive behavioral therapy for depression (Cohen’s d = 0.68), mindfulness for pain acceptance (38% improvement), and peer support for meaning reconstruction (25.6% increase). These findings underscore the importance of integrating routine psychological assessment into standard RA care, developing stage-appropriate interventions, and advancing research toward personalized biopsychosocial approaches that address the dynamic psychological dimensions of the disease.
Abstract: The increasing electrification of urban transportation, i.e., subways and electric vehicles (EV), brings more interactions between the power system and transportation system and further results in fault propagation across them. To analyze vulnerability of the coupling system under extreme events, this paper establishes a multi-layer urban electric-transportation interdependent network (ETIN) model. First, a weighted coupled metro-road traffic network (CTN) model and network path planning approach are proposed. A prospect theory-based failure load redistribution (FLR) method is further established to account for uncertainty of TN link capacity affected by power supply. Second, topology and emergency control strategy of power network (PN) are modeled, followed by formulation of multi-layer ETIN model. In particular, the inter-layer fault propagation from PN to TN is modeled based on power supply correlation strength, while from TN to PN is modeled based on traffic flow. A few indexes are then defined to quantify vulnerability of ETIN under deliberate attack. Finally, the proposed method is verified on an electric-transportation system to show influence of fault propagations within ETIN on its vulnerability under extreme events.
Funding: financially supported by the National Key R&D Program of China (2024YFE0111900); the National Natural Science Foundation of China (U2468214, 52378370, 52278372); the National Ten Thousand Talent Program for Young Top-notch Talents (2022QB04978); the Science and Technology Program of Hebei Province (2023HBQZYCSB004).
Abstract: Global climate change is intensifying the impact of slope hazards, particularly rainfall-induced landslide hazards (RILH), on mountain road networks (MRNs). However, effective quantitative models for dynamically assessing MRNs vulnerability under RILH disturbances are still lacking. To bridge this gap, this study develops a Cascading Failure Model for Rainfall-Induced Landslide Hazard (CFM-RILH). Validation via a case study of the Garzê Tibetan Autonomous Prefecture Road Network (GTPRNs) reveals key characteristics of MRNs system vulnerability under RILH disturbances: (1) Under the disturbance effects of RILH, the vulnerability of the MRNs system follows a nonlinear phase transition law that intensifies with increasing disturbance intensity, exhibiting a distinct critical threshold. When the disturbance intensity exceeds this threshold, the system undergoes a global cascading failure phenomenon analogous to an “avalanche.” (2) Under RILH disturbances, the robustness of the MRNs system possesses a distinct safety boundary. Exceeding this boundary not only fails to improve hazard resistance but instead substantially elevates the risk of large-scale cascading failure. (3) Increasing network redundancy may be considered one of the primary engineering measures for enhancing MRNs resilience against such disturbances. Based on these findings, we propose a “Two-Stage Emergency Response and Hierarchical Fortification” strategy specifically to improve the resilience of GTPRNs impacted by RILH. The CFM-RILH model provides an effective tool for assessing road network vulnerability under such hazards. Furthermore, its modeling framework can also inform vulnerability assessment and resilience strategy development for road networks affected by other types of slope hazards.
Funding: supported by the research start-up funds for invited doctor of Lanzhou University of Technology under Grant 14/062402.
Abstract: In the context of modern software development characterized by increasing complexity and compressed development cycles, traditional static vulnerability detection methods face prominent challenges including high false positive rates and missed detections of complex logic due to their over-reliance on rule templates. This paper proposes a Syntax-Aware Hierarchical Attention Network (SAHAN) model, which achieves high-precision vulnerability detection through grammar-rule-driven multi-granularity code slicing and hierarchical semantic fusion mechanisms. The SAHAN model first generates Syntax Independent Units (SIUs), which slices the code based on Abstract Syntax Tree (AST) and predefined grammar rules, retaining vulnerability-sensitive contexts. Following this, through a hierarchical attention mechanism, the local syntax-aware layer encodes fine-grained patterns within SIUs, while the global semantic correlation layer captures vulnerability chains across SIUs, achieving synergistic modeling of syntax and semantics. Experiments show that on benchmark datasets like QEMU, SAHAN significantly improves detection performance by 4.8% to 13.1% on average compared to baseline models such as Devign and VulDeePecker.
Abstract: Background: Frailty is common and significantly impacts prognosis in heart failure (HF). The Vulnerable Elders Survey-13 (VES-13), widely used in oncogeriatrics and public health, remains unexplored as a frailty screening tool in HF outpatients. In this study, we prospectively evaluated VES-13 against a multimodal screening assessment in detecting frailty and predicting individual risk of adverse prognosis. Methods: Frailty was assessed at the initial visit using both a multimodal approach, incorporating Barthel Index, Older American Resources and Services scale, Pfeiffer Test, abbreviated Geriatric Depression Scale, age > 85 years, lacking support systems, and VES-13. Patients scoring ≥ 3 on VES-13 or meeting at least one multimodal criterion were classified as frail. Endpoints included all-cause mortality, a composite of death or HF hospitalization, and recurrent HF hospitalizations. Results: A total of 301 patients were evaluated. VES-13 identified 40.2% as frail and the multimodal assessment 33.2%. In Cox regression analyses, frailty identified by VES-13 showed greater prognostic significance than the multimodal assessment for all-cause mortality (HR = 3.70 [2.15–6.33], P < 0.001 vs. 2.40 [1.46–4.0], P = 0.001) and the composite endpoint (HR = 3.13 [2.02–4.84], P < 0.001 vs. 1.96 [1.28–2.99], P = 0.002). Recurrent HF hospitalizations were four times more frequent in VES-13 frail patients while two times in those identified as frail by the multimodal assessment. Additionally, stratifying patients by VES-13 tertiles provided robust risk differentiation. Conclusions: VES-13, a simple frailty tool, outperformed a comprehensive multimodal assessment and could be easily integrated into routine HF care, highlighting its clinical utility in identifying patients at risk for poor outcomes.
Funding: supported by the National Natural Science Foundation of China (Grant Nos. 52208424, 52208416, 52078091, and 52108399); the Shanghai Municipal Science and Technology Major Project (Grant No. 2021SHZDZX0102).
Abstract: Graph neural networks (GNNs) have shown notable success in identifying security vulnerabilities within Ethereum smart contracts by capturing structural relationships encoded in control- and data-flow graphs. Despite their effectiveness, most GNN-based vulnerability detectors operate as black boxes, making their decisions difficult to interpret and thus less suitable for critical security auditing. The information bottleneck (IB) principle provides a theoretical framework for isolating task-relevant graph components. However, existing IB-based implementations often encounter unstable optimization and limited understanding of code semantics. To address these issues, we introduce ContractGIB, an interpretable graph information bottleneck framework for function-level vulnerability analysis. ContractGIB introduces three main advances. First, ContractGIB introduces a Hilbert–Schmidt Independence Criterion (HSIC) based estimator that provides stable dependence measurement. Second, it incorporates a CodeBERT semantic module to improve node representations. Third, it initializes all nodes with pretrained CodeBERT embeddings, removing the need for hand-crafted features. For each contract function, ContractGIB identifies the most informative nodes forming an instance-specific explanatory subgraph that supports the model’s prediction. Comprehensive experiments on public smart contract datasets, including ESC and VSC, demonstrate that ContractGIB achieves superior performance compared to competitive GNN baselines, while offering clearer, instance-level interpretability.
Abstract: Ethernet-based Passive Optical Network (EPON) is considered a very promising solution for the first mile problem of the next generation networks. Due to its particular characteristic of shared media structure, EPON suffers many security vulnerabilities. Communication security must be guaranteed when EPON is applied in practice. This paper gives a general introduction to the EPON system, analyzes the potential threats and attacks pertaining to the EPON system, and presents effective countermeasures against these threats and attacks with emphasis on the authentication protocols and key distribution.
Abstract: The present study focuses on the impacts of extreme drought and flooding situations in Amazonia, using level/discharge data from some rivers in the Amazon region as indicators of impacts. The last 10 years have featured various “once in a century” droughts and floods in the Amazon basin, which have affected human and natural systems in the region. We assess a history of such hazards based on river data, and discuss some of the observed impacts in terms of vulnerability of human and natural systems, as well as some of adaptation strategies implemented by regional and local governments to cope with them. A critical perspective of mitigation of drought and flood policies in Amazonia suggests that they have been mostly ineffective in reducing vulnerability for the majority of the population, constituting, perhaps, examples of maladaptation via the undermining of resilience.
Abstract: In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development process, or the use of a software development model that does not consider security as a key factor. Therefore, this systematic literature review is conducted to investigate the various security vulnerabilities used to secure the web application layer, the security approaches or techniques used in the process, the stages in the software development in which the approaches or techniques are emphasized, and the tools and mechanisms used to detect vulnerabilities. The study extracted 519 publications from respectable scientific sources, i.e. the IEEE Computer Society, ACM Digital Library, Science Direct, Springer Link. After a detailed review process, only 56 key primary studies were considered for this review based on defined inclusion and exclusion criteria. From the review, it appears that no one software is referred to as a standard or preferred software product for web application development. In our SLR, we have performed a deep analysis on web application security vulnerabilities detection methods which help us to identify the scope of SLR for comprehensive investigation in the future research. Further in this SLR considering OWASP Top 10 web application vulnerabilities discovered in 2012, we will attempt to categorize the accessible vulnerabilities. OWASP is a major source to construct and validate web security processes and standards.
Abstract: To detect security vulnerabilities in a web application, the security analyst must choose the best performance Security Analysis Static Tool (SAST) in terms of discovering the greatest number of security vulnerabilities as possible. To compare static analysis tools for web applications, an adapted benchmark to the vulnerability categories included in the known standard Open Web Application Security Project (OWASP) Top Ten project is required. The information of the security effectiveness of a commercial static analysis tool is not usually a publicly accessible research and the state of the art on static security tool analyzers shows that the different design and implementation of those tools has different effectiveness rates in terms of security performance. Given the significant cost of commercial tools, this paper studies the performance of seven static tools using a new methodology proposal and a new benchmark designed for vulnerability categories included in the known standard OWASP Top Ten project. Thus, the practitioners will have more precise information to select the best tool using a benchmark adapted to the last versions of OWASP Top Ten project. The results of this work have been obtained using widely acceptable metrics to classify them according to three different degrees of web application criticality.
Abstract: The Ethiopian Electric Power (EEP) has been operating and managing the national interconnected power system with dispersed and geographically isolated generators, a complex transmission system and loads. In recent years, with an increasing load demand due to rural electrification and industrialization, the Ethiopian power system has faced more frequent, widely spread and long lasting blackouts. To slash the occurrence of such incidents, identifying the system vulnerabilities is the first step in this direction. In this paper, the vulnerability assessment is performed using indices called active power performance index (PIp) and voltage performance index (PIv). These indices provide a direct means of comparing the relative severity of the different line outages on the system loads and voltage profiles. Accordingly, it is found that the most severe line outages are those lines that interconnect the high load centered (Addis Ababa and Central regions) with the rest of the regional power systems. In addition, the most vulnerable buses of the network in respect of voltage limit violations are mainly found at the high load centers.
Funding: This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT: Ministry of Science and ICT) (Nos. NRF-2016M2A8A4952280 and NRF-2020R1A2C1012187).
Abstract: Cyberattacks on the Industrial Control System (ICS) have recently been increasing, made more intelligent by advancing technologies. As such, cybersecurity for such systems is attracting attention. As a core element of control devices, the Programmable Logic Controller (PLC) in an ICS carries out on-site control over the ICS. A cyberattack on the PLC will cause damages on the overall ICS, with Stuxnet and Duqu as the most representative cases. Thus, cybersecurity for PLCs is considered essential, and many researchers carry out a variety of analyses on the vulnerabilities of PLCs as part of preemptive efforts against attacks. In this study, a vulnerability analysis was conducted on the XGB PLC. Security vulnerabilities were identified by analyzing the network protocols and memory structure of PLCs and were utilized to launch replay attack, memory modulation attack, and FTP/Web service account theft for the verification of the results. Based on the results, the attacks were proven to be able to cause the PLC to malfunction and disable it, and the identified vulnerabilities were defined.