This paper introduces the Integrated Security Embedded Resilience Architecture (ISERA) as an advanced resilience mechanism for Industrial Control Systems (ICS) and Operational Technology (OT) environments. The ISERA f...This paper introduces the Integrated Security Embedded Resilience Architecture (ISERA) as an advanced resilience mechanism for Industrial Control Systems (ICS) and Operational Technology (OT) environments. The ISERA framework integrates security by design principles, micro-segmentation, and Island Mode Operation (IMO) to enhance cyber resilience and ensure continuous, secure operations. The methodology deploys a Forward-Thinking Architecture Strategy (FTAS) algorithm, which utilises an industrial Intrusion Detection System (IDS) implemented with Python’s Network Intrusion Detection System (NIDS) library. The FTAS algorithm successfully identified and responded to cyber-attacks, ensuring minimal system disruption. ISERA has been validated through comprehensive testing scenarios simulating Denial of Service (DoS) attacks and malware intrusions, at both the IT and OT layers where it successfully mitigates the impact of malicious activity. Results demonstrate ISERA’s efficacy in real-time threat detection, containment, and incident response, thus ensuring the integrity and reliability of critical infrastructure systems. ISERA’s decentralised approach contributes to global net zero goals by optimising resource use and minimising environmental impact. By adopting a decentralised control architecture and leveraging virtualisation, ISERA significantly enhances the cyber resilience and sustainability of critical infrastructure systems. This approach not only strengthens defences against evolving cyber threats but also optimises resource allocation, reducing the system’s carbon footprint. As a result, ISERA ensures the uninterrupted operation of essential services while contributing to broader net zero goals.展开更多
In the execution of method invocation sequences to test component security,abnormal or normal information is generated and recorded in a monitor log. By searching abnormal information from monitor log,the exceptions t...In the execution of method invocation sequences to test component security,abnormal or normal information is generated and recorded in a monitor log. By searching abnormal information from monitor log,the exceptions that the component has can be determined. To facilitate the searching process,string searching methods could be employed. However,current approaches are not effective enough to search long pattern string. In order to mine the specific information with less number of matches,we proposed an improved Sunday string searching algorithm in this paper. Unlike Sunday algorithm which does not make use of the already matched characters,the proposed approach presents two ideas — utilizing and recycling these characters. We take advantage of all matched characters in main string,if they are still in the matchable interval compared with pattern string,to increase the distance that pattern string moves backwards. Experimental analysis shows that,compared to Sunday algorithm,our method could greatly reduce the matching times,if the scale of character set constituting both main string and pattern string is small,or if the length of pattern string is long. Also,the proposed approach can improve the search effectiveness for abnormal information in component security testing.展开更多
With the general rise in the quality of life in our country, people have begun to pay attention to health and food safety, not only to meet the needs of food and clothing. As one of the necessities of human beings, fo...With the general rise in the quality of life in our country, people have begun to pay attention to health and food safety, not only to meet the needs of food and clothing. As one of the necessities of human beings, food safety plays a vital role in the health of our people. Therefore, relevant departments should pay attention to the detection of food safety and improve their attention. As the most widely used technology in food and drug safety testing, meteorological chromatography-mass spectrometry has the characteristics of more intuitive, accurate and convenient, and has achieved excellent results in the first-class pharmaceutical industry.展开更多
It is difficult to formalize the causes of vulnerability, and there is no effective model to reveal the causes and characteristics of vulnerability. In this paper, a vulnerability model construction method is proposed...It is difficult to formalize the causes of vulnerability, and there is no effective model to reveal the causes and characteristics of vulnerability. In this paper, a vulnerability model construction method is proposed to realize the description of vulnerability attribute and the construction of a vulnerability model. A vulnerability model based on chemical abstract machine(CHAM) is constructed to realize the CHAM description of vulnerability model, and the framework of vulnerability model is also discussed. Case study is carried out to verify the feasibility and effectiveness of the proposed model. In addition, a prototype system is also designed and implemented based on the proposed vulnerability model. Experimental results show that the proposed model is more effective than other methods in the detection of software vulnerabilities.展开更多
Smartphones and mobile tablets are rapidly becoming indispensable in daily life. Android has been the most popular mobile operating system since 2012. However, owing to the open nature of Android, countless malwares a...Smartphones and mobile tablets are rapidly becoming indispensable in daily life. Android has been the most popular mobile operating system since 2012. However, owing to the open nature of Android, countless malwares are hidden in a large number of benign apps in Android markets that seriously threaten Android security. Deep learning is a new area of machine learning research that has gained increasing attention in artificial intelligence. In this study, we propose to associate the features from the static analysis with features from dynamic analysis of Android apps and characterize malware using deep learning techniques. We implement an online deep-learning-based Android malware detection engine(Droid Detector) that can automatically detect whether an app is a malware or not. With thousands of Android apps, we thoroughly test Droid Detector and perform an indepth analysis on the features that deep learning essentially exploits to characterize malware. The results show that deep learning is suitable for characterizing Android malware and especially effective with the availability of more training data. Droid Detector can achieve 96.76% detection accuracy, which outperforms traditional machine learning techniques. An evaluation of ten popular anti-virus softwares demonstrates the urgency of advancing our capabilities in Android malware detection.展开更多
Mass monitor logs are produced during the process of component security testing. In order to mine the explicit and implicit security exception information of the tested component, the log should be searched for keywor...Mass monitor logs are produced during the process of component security testing. In order to mine the explicit and implicit security exception information of the tested component, the log should be searched for keyword strings. However, existing string-searching algorithms are not very efficient or appropriate for the operation of searching monitor logs during component security testing. For mining abnormal information effectively in monitor logs, an improved string-searching algorithm is proposed. The main idea of this algorithm is to search for the first occurrence of a character in the main string. The character should be different and farther from the last character in the pattern string. With this algorithm, the backward moving distance of the pattern string will be increased and the matching time will be optimized. In the end, we conduct an experimental study based on our approach, the results of which show that the proposed algorithm finds strings in monitor logs 11.5% more efficiently than existing approaches.展开更多
With the wide application and development of blockchain technology in various fields such as finance, government affairs and medical care, security incidents occur frequently on it, which brings great threats to users...With the wide application and development of blockchain technology in various fields such as finance, government affairs and medical care, security incidents occur frequently on it, which brings great threats to users’ assets and information. Many researchers have worked on blockchain abnormal behavior awareness in respond to these threats. We summarize respectively the existing public blockchain and consortium blockchain abnormal behavior awareness methods and ideas in detail as the difference between the two types of blockchain. At the same time, we summarize and analyze the existing data sets related to mainstream blockchain security, and finally discuss possible future research directions. Therefore, this work can provide a reference for blockchain security awareness research.展开更多
基金funded by the Office of Gas and Electricity Markets(Ofgem)and supported by De Montfort University(DMU)and Nottingham Trent University(NTU),UK.
文摘This paper introduces the Integrated Security Embedded Resilience Architecture (ISERA) as an advanced resilience mechanism for Industrial Control Systems (ICS) and Operational Technology (OT) environments. The ISERA framework integrates security by design principles, micro-segmentation, and Island Mode Operation (IMO) to enhance cyber resilience and ensure continuous, secure operations. The methodology deploys a Forward-Thinking Architecture Strategy (FTAS) algorithm, which utilises an industrial Intrusion Detection System (IDS) implemented with Python’s Network Intrusion Detection System (NIDS) library. The FTAS algorithm successfully identified and responded to cyber-attacks, ensuring minimal system disruption. ISERA has been validated through comprehensive testing scenarios simulating Denial of Service (DoS) attacks and malware intrusions, at both the IT and OT layers where it successfully mitigates the impact of malicious activity. Results demonstrate ISERA’s efficacy in real-time threat detection, containment, and incident response, thus ensuring the integrity and reliability of critical infrastructure systems. ISERA’s decentralised approach contributes to global net zero goals by optimising resource use and minimising environmental impact. By adopting a decentralised control architecture and leveraging virtualisation, ISERA significantly enhances the cyber resilience and sustainability of critical infrastructure systems. This approach not only strengthens defences against evolving cyber threats but also optimises resource allocation, reducing the system’s carbon footprint. As a result, ISERA ensures the uninterrupted operation of essential services while contributing to broader net zero goals.
基金supported by National Natural Science Foundation of China (NSFC grant number:61202110,61401180 and 61502205)the Postdoctoral Science Foundation of China (Grant number:2015M571687 and 2015M581739)the Graduate Research Innovation Project of Jiangsu Province(KYLX15_1079 and KYLX16_0900)
文摘In the execution of method invocation sequences to test component security,abnormal or normal information is generated and recorded in a monitor log. By searching abnormal information from monitor log,the exceptions that the component has can be determined. To facilitate the searching process,string searching methods could be employed. However,current approaches are not effective enough to search long pattern string. In order to mine the specific information with less number of matches,we proposed an improved Sunday string searching algorithm in this paper. Unlike Sunday algorithm which does not make use of the already matched characters,the proposed approach presents two ideas — utilizing and recycling these characters. We take advantage of all matched characters in main string,if they are still in the matchable interval compared with pattern string,to increase the distance that pattern string moves backwards. Experimental analysis shows that,compared to Sunday algorithm,our method could greatly reduce the matching times,if the scale of character set constituting both main string and pattern string is small,or if the length of pattern string is long. Also,the proposed approach can improve the search effectiveness for abnormal information in component security testing.
文摘With the general rise in the quality of life in our country, people have begun to pay attention to health and food safety, not only to meet the needs of food and clothing. As one of the necessities of human beings, food safety plays a vital role in the health of our people. Therefore, relevant departments should pay attention to the detection of food safety and improve their attention. As the most widely used technology in food and drug safety testing, meteorological chromatography-mass spectrometry has the characteristics of more intuitive, accurate and convenient, and has achieved excellent results in the first-class pharmaceutical industry.
基金Supported by the National Natural Science Foundation of China(61202110 and 61502205)the Project of Jiangsu Provincial Six Talent Peaks(XYDXXJS-016)
文摘It is difficult to formalize the causes of vulnerability, and there is no effective model to reveal the causes and characteristics of vulnerability. In this paper, a vulnerability model construction method is proposed to realize the description of vulnerability attribute and the construction of a vulnerability model. A vulnerability model based on chemical abstract machine(CHAM) is constructed to realize the CHAM description of vulnerability model, and the framework of vulnerability model is also discussed. Case study is carried out to verify the feasibility and effectiveness of the proposed model. In addition, a prototype system is also designed and implemented based on the proposed vulnerability model. Experimental results show that the proposed model is more effective than other methods in the detection of software vulnerabilities.
文摘Smartphones and mobile tablets are rapidly becoming indispensable in daily life. Android has been the most popular mobile operating system since 2012. However, owing to the open nature of Android, countless malwares are hidden in a large number of benign apps in Android markets that seriously threaten Android security. Deep learning is a new area of machine learning research that has gained increasing attention in artificial intelligence. In this study, we propose to associate the features from the static analysis with features from dynamic analysis of Android apps and characterize malware using deep learning techniques. We implement an online deep-learning-based Android malware detection engine(Droid Detector) that can automatically detect whether an app is a malware or not. With thousands of Android apps, we thoroughly test Droid Detector and perform an indepth analysis on the features that deep learning essentially exploits to characterize malware. The results show that deep learning is suitable for characterizing Android malware and especially effective with the availability of more training data. Droid Detector can achieve 96.76% detection accuracy, which outperforms traditional machine learning techniques. An evaluation of ten popular anti-virus softwares demonstrates the urgency of advancing our capabilities in Android malware detection.
基金supported by the National Natural Science Foundation of China (Nos.61202110 and 61502205)the Postdoctoral Science Foundation of China (Nos.2015M571687 and 2015M581739)the Graduate Research Innovation Project of Jiangsu Province (No.KYLX15 1079)
文摘Mass monitor logs are produced during the process of component security testing. In order to mine the explicit and implicit security exception information of the tested component, the log should be searched for keyword strings. However, existing string-searching algorithms are not very efficient or appropriate for the operation of searching monitor logs during component security testing. For mining abnormal information effectively in monitor logs, an improved string-searching algorithm is proposed. The main idea of this algorithm is to search for the first occurrence of a character in the main string. The character should be different and farther from the last character in the pattern string. With this algorithm, the backward moving distance of the pattern string will be increased and the matching time will be optimized. In the end, we conduct an experimental study based on our approach, the results of which show that the proposed algorithm finds strings in monitor logs 11.5% more efficiently than existing approaches.
基金This research is supported by National Key Research and Development Program of China (Nos. 2021YFF0307203 and 2019QY1300)Youth Innovation Promotion Association CAS (No. 2021156)+2 种基金the Strategic Priority Research Program of Chinese Academy of Sciences (No. XDC02040100)National Natural Science Foundation of China (No. 61802404)This work is also supported by the Program of Key Laboratory of Network Assessment Technology, the Chinese Academy of Sciences, Program of Beijing Key Laboratory of Network Security and Protection Technology.
文摘With the wide application and development of blockchain technology in various fields such as finance, government affairs and medical care, security incidents occur frequently on it, which brings great threats to users’ assets and information. Many researchers have worked on blockchain abnormal behavior awareness in respond to these threats. We summarize respectively the existing public blockchain and consortium blockchain abnormal behavior awareness methods and ideas in detail as the difference between the two types of blockchain. At the same time, we summarize and analyze the existing data sets related to mainstream blockchain security, and finally discuss possible future research directions. Therefore, this work can provide a reference for blockchain security awareness research.
