The agricultural Internet of Things (IoT) system is a critical component of modern smart agriculture, and its security risk assessment methods have garnered increasing attention from the industry. Current agricultural IoT security risk assessment methods primarily rely on expert judgment, introducing subjective factors that reduce the credibility of the assessment results. To address this issue, this study constructed a dataset for agricultural IoT security risk assessment based on real-world security reports. A PCARF algorithm, built on random forest principles, was proposed, incorporating ensemble learning strategies to enhance prediction accuracy. Compared to the second-best model, the proposed model demonstrated a 2.7% increase in accuracy, a 3.4% improvement in recall rate, a 3.1% rise in Area Under the Curve (AUC), and a 7.9% boost in Matthews Correlation Coefficient (MCC). Extensive comparative experiments showed that the proposed model outperforms others in prediction accuracy and robustness.
Identification of security risk factors for small reservoirs is the basis for implementation of early warning systems. The manner of identification of the factors for small reservoirs is of practical significance when data are incomplete. The existing grey relational models have some disadvantages in measuring the correlation between categorical data sequences. To this end, this paper introduces a new grey relational model to analyze heterogeneous data. In this study, a set of security risk factors for small reservoirs was first constructed based on theoretical analysis, and heterogeneous data of these factors were recorded as sequences. The sequences were regarded as random variables, and the information entropy and conditional entropy between sequences were measured to analyze the relational degree between risk factors. Then, a new grey relational analysis model for heterogeneous data was constructed, and a comprehensive security risk factor identification method was developed. A case study of small reservoirs in Guangxi Zhuang Autonomous Region in China shows that the model constructed in this study is applicable to security risk factor identification for small reservoirs with heterogeneous and sparse data.
In this paper, we investigate and analyze the network security risks faced by 5G private industrial networks. Based on current network security architecture and 3GPP requirements and considering the actual application of 5G private industrial networks, a comparative analysis is used to plan and design a private network security construction scheme. The network security construction model, network organization, and key processes of 5G private industrial networks at the current stage are investigated. In addition, the key direction for the next stage of construction is discussed.
Security is an important component in the process of developing healthcare web applications. We need to ensure security maintenance; therefore the analysis of healthcare web application’s security risk is of utmost importance. Properties must be considered to minimise the security risk. Additionally, security risk management activities are revised, prepared, implemented, tracked, and regularly set up efficiently to design the security of healthcare web applications. Managing the security risk of a healthcare web application must be considered as the key component. Security is, in specific, seen as an add-on during the development process of healthcare web applications, but not as the key problem. Researchers must ensure that security is taken into account right from the earlier developmental stages of the healthcare web application. In this row, the authors of this study have used the hesitant fuzzy-based AHP-TOPSIS technique to estimate the risks of various healthcare web applications for improving security-durability. This approach would help to design and incorporate security features in healthcare web applications that would be able to battle threats on their own, and not depend solely on the external security of healthcare web applications. Furthermore, in terms of healthcare web application’s security-durability, the security risk variable is measured, and vice versa. Hence, the findings of our study will also be useful in improving the durability of several web applications in healthcare.
With the rapidly escalating use of smart devices and fraudulent transaction of users' data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques.
In this paper, we propose a non-cooperative differential game theory based resource allocation approach for the network security risk assessment. For the risk assessment, the resource will be used for risk assessment, including response cost and response negative cost. The whole assessment process is considered as a differential game for optimal resource control. The proposed scheme can be obtained through the Nash Equilibrium. It is proved that the game theory based algorithm is applicable and the optimal resource level can be achieved based on the proposed algorithm.
In the recent years, the booming web-based applications have attracted the hackers’ community. The security risk of the web-based hospital management system (WBHMS) has been increasing rapidly. In the given context, the main goal of all security professionals and website developers is to maintain security divisions and improve on the user’s confidence and satisfaction. At this point, the different WBHMS tackle different types of security risks. In WBHMS, the security of the patients’ medical information is of utmost importance. All in all, there is an inherent security risk of data and assets in the field of the medical industry as a whole. The objective of this study is to estimate the security risk assessment of WBHMS. The risks assessment pertains to securing the integrity of the information in alignment with the Health Insurance Portability and Accountability Act. This includes protecting the relevant financial records, as well as the identification, evaluation, and prevention of a data breach. In the past few years, according to the US-based cyber-security firm Fire-eye, 6.8 million data thefts have been recorded in the healthcare sector in India. The breach barometer report mentions that in the year 2019, the data breaches found were up to 48.6% as compared to the year 2018. Therefore, it is very important to assess the security risk in WBHMS. In this research, we have followed the hybrid technique fuzzy analytic hierarchy process-technique for order of preference by similarity to ideal solution (F-AHPTOPSIS) approach to assess the security risk in WBHMS. The place of this empirical database is at the local hospital of Varanasi, U.P., India. Given the affectability of WBHMS for its board framework, this work has used diverse types of web applications. The outcomes obtained and the procedure used in this assessment would support future researchers and specialists in organizing web applications through advanced support of safety and security.
With the development of economy, China has to fight against the increasing public security risk. The theory of risk society points out that the traditional system of hierarchical management should be transformed into the governance system led by government and participated in by multiple parties to avoid and reduce risk in modern society. In order to achieve modernization of the national governance system and capacity, we have to deal with these two important subjects, that is, what can we learn from the Western risk society theory and how to establish a scientific and efficient public security risk management system based on the characteristics of modern public security risk.
Identification and resolution system of the industrial Internet is the “neural hub” of the industrial Internet for coordination. Catastrophic damage to the whole industrial Internet industry ecology may be caused if the identification and resolution system is attacked. Moreover, it may become a threat to national security. Therefore, security plays an important role in identification and resolution system of the industrial Internet. In this paper, an innovative security risk analysis model is proposed for the first time, which can help control risks from the root at the initial stage of industrial Internet construction, provide guidance for related enterprises in the early design stage of identification and resolution system of the industrial Internet, and promote the healthy and sustainable development of the industrial identification and resolution system.
In order to protect the website and assess the security risk of website, a novel website security risk assessment method is proposed based on the improved Bayesian attack graph (I-BAG) model. First, the Improved Bayesian attack graph model is established, which takes attack benefits and threat factors into consideration. Compared with the existing attack graph models, it can better describe the website's security risk. Then, the improved Bayesian attack graph is constructed with optimized website attack graph, attack benefit nodes, threat factor nodes and the local conditional probability distribution of each node, which is calculated accordingly. Finally, website's attack probability and risk value are calculated on the level of nodes, hosts and the whole website separately. The experimental results demonstrate that the risk evaluating method based on I-BAG model proposed is an effective way for assessing the website security risk.
Energy security is a crucial aspect of modern societies, as it directly impacts the availability, accessibility, and reliability of energy sources. The reliance on natural resources and geopolitical factors in shaping energy security has gained significant attention in recent years. Natural resources and geopolitical risk are examined in 38 countries at risk of geopolitical conflict between 1990 and 2021 by examining CO₂ emissions, renewable energy consumption, and foreign direct investment as controlling variables. The long-run analysis conducted in this study focused on slope heterogeneity, Westerlund cointegration, and dynamic panel data estimation. The findings indicated that the energy security index is positively associated with various determinants, including natural resources, geopolitical risk, CO₂ emissions, and renewable energy consumption. However, foreign direct investment was found to be negatively associated with the energy security index among the selected 38 geopolitical risk countries. The role of natural resources and geopolitical risk in energy security cannot be overlooked. Natural resources provide the raw materials for generating electricity and powering our societies, while geopolitical risks can disrupt energy supply chains and threaten stability. Achieving sustainable energy security requires a comprehensive approach that addresses both aspects of energy provision. Transitioning to renewable energy sources, improving energy efficiency, diversifying energy supplies, promoting international cooperation, and conserving natural resources are essential steps towards a more sustainable and resilient energy future.
With the proliferation of advanced communication technologies and the deepening interdependence between cyber and physical components, power distribution networks are subject to miscellaneous security risks induced by malicious attackers. To address the issue, this paper proposes a security risk assessment method and a risk-oriented defense resource allocation strategy for cyber-physical distribution networks (CPDNs) against coordinated cyber attacks. First, an attack graph-based CPDN architecture is constructed, and representative cyber-attack paths are drawn considering the CPDN topology and the risk propagation process. The probability of a successful coordinated cyber attack and incurred security risks are quantitatively assessed based on the absorbing Markov chain model and National Institute of Standards and Technology (NIST) standard. Next, a risk-oriented defense resource allocation strategy is proposed for CPDNs in different attack scenarios. The tradeoff between security risk and limited resource budget is formulated as a multi-objective optimization (MOO) problem, which is solved by an efficient optimal Pareto solution generation approach. By employing a generational distance metric, the optimal solution is prioritized from the optimal Pareto set of the MOO and leveraged for subsequent atomic allocation of defense resources. Several case studies on a modified IEEE 123-node test feeder substantiate the efficacy of the proposed security risk assessment method and risk-oriented defense resource allocation strategy.
As the proportion of wind power generation increases in power systems, it is necessary to develop new ways for wind power accommodation and improve the existing power dispatch model. The power-to-gas technology, which offers a new approach to accommodate surplus wind power, is an excellent way to solve the former. Hence, this paper proposes to involve power-to-gas technology in the integrated electricity and natural gas systems (IEGSs). To solve the latter, on one hand, a new indicator, the scale factor of wind power integration, is introduced into the wind power stochastic model to better describe the uncertainty of grid-connected wind power; on the other hand, for quantizing and minimizing the impact of the uncertainties of wind power and system loads on system security, security risk constraints are established for the IEGS by the conditional value-at-risk method. By considering these two aspects, an MILP formulation of a security-risk based stochastic dynamic economic dispatch model for an IEGS is established, and GUROBI obtained from GAMS is used for the solution. Case studies are conducted on an IEGS consisting of a modified IEEE 39-bus system and the Belgium 20-node natural gas system to examine the effectiveness of the proposed dispatch model.
Aiming at the issues of privacy security in Internet of Things (IoT) applications, we propose an effective risk assessment model to handle probabilistic causality of evaluation factors and derive weights of influence-relation of propagation paths. The model undertakes probabilistic inference and generates values of risk probability for assets and propagation paths by using Bayesian causal relation-network and prior probability. According to Bayesian network (BN) structure, the risk analysts can easily find out relevant risk propagation paths and calculate weight values of each path by using decision-making trial and evaluation laboratory (DEMATEL). This model is applied to determine the risk level of assets and each risk propagation path as well as implement countermeasure of recommendation in accordance with evaluation results. The simulation analysis shows that this model efficiently revises recommendation of countermeasures for decision-makers and mitigates risk to an acceptable range; in addition, it provides the theoretical basis for decision-making of privacy security risk assessment (PSRA) for further development in IoT area.
Clarifying the relationship between internet use and public information security risk perception helps us gain a better understanding of the factors influencing public risk perception. However, the relationship is still under-explored. This paper empirically examines the relationship between internet use and information security risk perception based on data from the 2021 Chinese Social Survey. It was found that whether to use the internet and the frequency of use are both significantly positively correlated with the perception of information security risk. On this basis, the mechanism by which internet use affects public information security risk perceptions is verified from the perspective of interpersonal trust. The mechanism analysis found that interpersonal trust exerts an indirect effect between internet use and perceived information security risk. The findings of this study provide new insights for our further understanding of how internet use affects residents' perceptions of security risk.
With the exponential increase in information security risks, ensuring the safety of aircraft heavily relies on the accurate performance of risk assessment. However, experts possess a limited understanding of fundamental security elements, such as assets, threats, and vulnerabilities, due to the confidentiality of airborne networks, resulting in cognitive uncertainty. Therefore, the Pythagorean fuzzy Analytic Hierarchy Process (AHP) Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) is proposed to address the expert cognitive uncertainty during information security risk assessment for airborne networks. First, Pythagorean fuzzy AHP is employed to construct an index system and quantify the pairwise comparison matrix for determining the index weights, which is used to solve the expert cognitive uncertainty in the process of evaluating the index system weight of airborne networks. Second, Pythagorean fuzzy the TOPSIS to an Ideal Solution is utilized to assess the risk prioritization of airborne networks using the Pythagorean fuzzy weighted distance measure, which is used to address the cognitive uncertainty in the evaluation process of various indicators in airborne network threat scenarios. Finally, a comparative analysis was conducted. The proposed method demonstrated the highest Kendall coordination coefficient of 0.952. This finding indicates superior consistency and confirms the efficacy of the method in addressing expert cognition during information security risk assessment for airborne networks.
It will be an important task to improve the ability to use and manage the blockchain and facilitate the development of China’s cyber and digital economy in a safe and benign way during the 14th Five-Year Plan period (2021–2025). The synchronous “shock reduction” of the top-level system is needed to escort the safe and benign development of blockchain as the driving force and potential energy of blockchain development is released at a high speed. As an important prerequisite for exploring the design ideas of the top-level system of blockchain, it is necessary to grasp the international and domestic development opportunity of blockchain and identify its internal and external security risks. During the 14th Five-Year Plan period, China should establish the legislative concept of the organic integration of legal governance and technological governance, establish an effective market competition mechanism driven by the coupling of incentives and regulations, and realize the management synergy between government plans and enterprise strategies. For the sake of promoting the safe and benign development of blockchain, it is the fundamental policy to accelerate blockchain technology development by developing key technologies, advancing the industrial innovation process and strengthening the construction of talent pool. Meanwhile, it is the safeguarding policy to strengthen the top-level system design of blockchain through advancing legislation timely, improving market mechanisms and optimizing governance system.
Software-related security aspects are a growing and legitimate concern, especially with 5G data available just at our palms. To conduct research in this field, periodic comparative analysis is needed with the new techniques coming up rapidly. The purpose of this study is to review the recent developments in the field of security integration in the software development lifecycle (SDLC) by analyzing the articles published in the last two decades and to propose a way forward. This review follows Kitchenham’s review protocol. The review has been divided into three main stages including planning, execution, and analysis. From the selected 100 articles, it becomes evident that need of a collaborative approach is necessary for addressing critical software security risks (CSSRs) through effective risk management/estimation techniques. Quantifying risks using a numeric scale enables a comprehensive understanding of their severity, facilitating focused resource allocation and mitigation efforts. Through a comprehensive understanding of potential vulnerabilities and proactive mitigation efforts facilitated by protection poker, organizations can prioritize resources effectively to ensure the successful outcome of projects and initiatives in today’s dynamic threat landscape. The review reveals that threat analysis and security testing are needed to develop automated tools for the future. Accurate estimation of effort required to prioritize potential security risks is a big challenge in software security. The accuracy of effort estimation can be further improved by exploring new techniques, particularly those involving deep learning. It is also imperative to validate these effort estimation methods to ensure all potential security threats are addressed. Another challenge is selecting the right model for each specific security threat. To achieve a comprehensive evaluation, researchers should use well-known benchmark checklists.
The 5G-R network is on the verge of entering the construction stage. Given that the dedicated network for railways is closely linked to train operation safety, there are extremely high requirements for network security. As a result, there is an urgent need to conduct research on 5G-R network security. To comprehensively enhance the end-to-end security protection of the 5G-R network, this study summarized the security requirements of the GSM-R network, analyzed the security risks and requirements faced by the 5G-R network, and proposed an overall 5G-R network security architecture. The security technical schemes were detailed from various aspects: 5G-R infrastructure security, terminal access security, networking security, operation and maintenance security, data security, and network boundary security. Additionally, the study proposed leveraging the 5G-R security situation awareness system to achieve a comprehensive upgrade from basic security technologies to endogenous security capabilities within the 5G-R system.
Funding (small reservoirs risk factor identification study): supported by the National Nature Science Foundation of China (Grant No. 71401052), the National Social Science Foundation of China (Grant No. 17BGL156), and the Key Project of the National Social Science Foundation of China (Grant No. 14AZD024).
Funding (hesitant fuzzy AHP-TOPSIS healthcare web application study): Funding for this study was received from the Ministry of Education and Deanship of Scientific Research at King Abdulaziz University, Kingdom of Saudi Arabia, under Grant No. IFPHI-286-611-2020.
基金supported by the China Postdoctoral Science Foundation(No.2015M570936)National Science Foundation Project of P.R.China(No.61501026,61272506)Fundamental Research Funds for the Central Universities(No.FRF-TP-15032A1)
Abstract: In this paper, we propose a non-cooperative differential game theory based resource allocation approach for the network security risk assessment. For the risk assessment, the resource will be used for risk assessment, including response cost and response negative cost. The whole assessment process is considered as a differential game for optimal resource control. The proposed scheme can be obtained through the Nash Equilibrium. It is proved that the game theory based algorithm is applicable and the optimal resource level can be achieved based on the proposed algorithm.
Funding: Funded by Grant No. 12-INF2970-10 from the National Science, Technology and Innovation Plan (MAARIFAH), the King Abdul-Aziz City for Science and Technology (KACST), Saudi Arabia.
Abstract: In the recent years, the booming web-based applications have attracted the hackers’ community. The security risk of the web-based hospital management system (WBHMS) has been increasing rapidly. In the given context, the main goal of all security professionals and website developers is to maintain security divisions and improve on the user’s confidence and satisfaction. At this point, the different WBHMS tackle different types of security risks. In WBHMS, the security of the patients’ medical information is of utmost importance. All in all, there is an inherent security risk of data and assets in the field of the medical industry as a whole. The objective of this study is to estimate the security risk assessment of WBHMS. The risks assessment pertains to securing the integrity of the information in alignment with the Health Insurance Portability and Accountability Act. This includes protecting the relevant financial records, as well as the identification, evaluation, and prevention of a data breach. In the past few years, according to the US-based cyber-security firm Fire-eye, 6.8 million data thefts have been recorded in the healthcare sector in India. The breach barometer report mentions that in the year 2019, the data breaches found were up to 48.6% as compared to the year 2018. Therefore, it is very important to assess the security risk in WBHMS. In this research, we have followed the hybrid technique fuzzy analytic hierarchy process-technique for order of preference by similarity to ideal solution (F-AHPTOPSIS) approach to assess the security risk in WBHMS. The place of this empirical database is at the local hospital of Varanasi, U.P., India. Given the affectability of WBHMS for its board framework, this work has used diverse types of web applications. The outcomes obtained and the procedure used in this assessment would support future researchers and specialists in organizing web applications through advanced support of safety and security.
Abstract: With the development of economy, China has to fight against the increasing public security risk. The theory of risk society points out that the traditional system of hierarchical management should be transformed into the governance system led by government and participated in by multiple parties to avoid and reduce risk in modern society. In order to achieve modernization of the national governance system and capacity, we have to deal with these two important subjects, that is, what can we learn from the Western risk society theory and how to establish a scientific and efficient public security risk management system based on the characteristics of modern public security risk.
Funding: Supported by the 2018 Industrial Internet Innovation and Development Project: Industrial Internet Identification Resolution System National Top-Level Node Construction Project (Phase Ⅰ).
Abstract: Identification and resolution system of the industrial Internet is the “neural hub” of the industrial Internet for coordination. Catastrophic damage to the whole industrial Internet industry ecology may be caused if the identification and resolution system is attacked. Moreover, it may become a threat to national security. Therefore, security plays an important role in identification and resolution system of the industrial Internet. In this paper, an innovative security risk analysis model is proposed for the first time, which can help control risks from the root at the initial stage of industrial Internet construction, provide guidance for related enterprises in the early design stage of identification and resolution system of the industrial Internet, and promote the healthy and sustainable development of the industrial identification and resolution system.
Funding: Supported by the project of the State Key Program of National Natural Science Foundation of China (No. 90818021); supported by a grant from the national high technology research and development program of China (863 program) (No. 2012AA012903).
Abstract: In order to protect the website and assess the security risk of website, a novel website security risk assessment method is proposed based on the improved Bayesian attack graph (I-BAG) model. First, the Improved Bayesian attack graph model is established, which takes attack benefits and threat factors into consideration. Compared with the existing attack graph models, it can better describe the website's security risk. Then, the improved Bayesian attack graph is constructed with optimized website attack graph, attack benefit nodes, threat factor nodes and the local conditional probability distribution of each node, which is calculated accordingly. Finally, website's attack probability and risk value are calculated on the level of nodes, hosts and the whole website separately. The experimental results demonstrate that the risk evaluating method based on I-BAG model proposed is an effective way for assessing the website security risk.
Funding: Funded by a grant from the Interdisciplinary Research Institute in New Finance and Economics, Hubei University of Economics (No. JXZD202403).
Abstract: Energy security is a crucial aspect of modern societies, as it directly impacts the availability, accessibility, and reliability of energy sources. The reliance on natural resources and geopolitical factors in shaping energy security has gained significant attention in recent years. Natural resources and geopolitical risk are examined in 38 countries at risk of geopolitical conflict between 1990 and 2021 by examining CO₂ emissions, renewable energy consumption, and foreign direct investment as controlling variables. The long-run analysis conducted in this study focused on slope heterogeneity, Westerlund cointegration, and dynamic panel data estimation. The findings indicated that the energy security index is positively associated with various determinants, including natural resources, geopolitical risk, CO₂ emissions, and renewable energy consumption. However, foreign direct investment was found to be negatively associated with the energy security index among the selected 38 geopolitical risk countries. The role of natural resources and geopolitical risk in energy security cannot be overlooked. Natural resources provide the raw materials for generating electricity and powering our societies, while geopolitical risks can disrupt energy supply chains and threaten stability. Achieving sustainable energy security requires a comprehensive approach that addresses both aspects of energy provision. Transitioning to renewable energy sources, improving energy efficiency, diversifying energy supplies, promoting international cooperation, and conserving natural resources are essential steps towards a more sustainable and resilient energy future.
Funding: Supported by the National Natural Science Foundation of China (No. 52377086); the Postgraduate Research & Practice Innovation Program of Jiangsu Province (No. SJCX23_0063).
Abstract: With the proliferation of advanced communication technologies and the deepening interdependence between cyber and physical components, power distribution networks are subject to miscellaneous security risks induced by malicious attackers. To address the issue, this paper proposes a security risk assessment method and a risk-oriented defense resource allocation strategy for cyber-physical distribution networks (CPDNs) against coordinated cyber attacks. First, an attack graph-based CPDN architecture is constructed, and representative cyber-attack paths are drawn considering the CPDN topology and the risk propagation process. The probability of a successful coordinated cyber attack and incurred security risks are quantitatively assessed based on the absorbing Markov chain model and National Institute of Standards and Technology (NIST) standard. Next, a risk-oriented defense resource allocation strategy is proposed for CPDNs in different attack scenarios. The tradeoff between security risk and limited resource budget is formulated as a multi-objective optimization (MOO) problem, which is solved by an efficient optimal Pareto solution generation approach. By employing a generational distance metric, the optimal solution is prioritized from the optimal Pareto set of the MOO and leveraged for subsequent atomic allocation of defense resources. Several case studies on a modified IEEE 123-node test feeder substantiate the efficacy of the proposed security risk assessment method and risk-oriented defense resource allocation strategy.
Funding: This work was supported by National Natural Science Foundation of China (No. 51777077); Natural Science Foundation of Guangdong Province (2017A030313304).
Abstract: As the proportion of wind power generation increases in power systems, it is necessary to develop new ways for wind power accommodation and improve the existing power dispatch model. The power-to-gas technology, which offers a new approach to accommodate surplus wind power, is an excellent way to solve the former. Hence, this paper proposes to involve power-to-gas technology in the integrated electricity and natural gas systems (IEGSs). To solve the latter, on one hand, a new indicator, the scale factor of wind power integration, is introduced into the wind power stochastic model to better describe the uncertainty of grid-connected wind power; on the other hand, for quantizing and minimizing the impact of the uncertainties of wind power and system loads on system security, security risk constraints are established for the IEGS by the conditional value-at-risk method. By considering these two aspects, an MILP formulation of a security-risk based stochastic dynamic economic dispatch model for an IEGS is established, and GUROBI obtained from GAMS is used for the solution. Case studies are conducted on an IEGS consisting of a modified IEEE 39-bus system and the Belgium 20-node natural gas system to examine the effectiveness of the proposed dispatch model.
Funding: Supported by the National Key Technology Research and Development Program in the 12th Five-Year Plan of China (2012BAH08B02); the National Natural Science Foundation of China (61272513); the Project of Humanities and Social Sciences of Ministry of Education in China (10YJC630385).
Abstract: Aiming at the issues of privacy security in Internet of Things (IoT) applications, we propose an effective risk assessment model to handle probabilistic causality of evaluation factors and derive weights of influence-relation of propagation paths. The model undertakes probabilistic inference and generates values of risk probability for assets and propagation paths by using Bayesian causal relation-network and prior probability. According to Bayesian network (BN) structure, the risk analysts can easily find out relevant risk propagation paths and calculate weight values of each path by using decision-making trial and evaluation laboratory (DEMATEL). This model is applied to determine the risk level of assets and each risk propagation path as well as implement countermeasure of recommendation in accordance with evaluation results. The simulation analysis shows that this model efficiently revises recommendation of countermeasures for decision-makers and mitigates risk to an acceptable range; in addition, it provides the theoretical basis for decision-making of privacy security risk assessment (PSRA) for further development in IoT area.
Funding: Supported by the National Social Science Fund of China "Research on Urban Compound Risk Analysis and Governance Based on Large-Scale Survey Data" (23&ZD144).
Abstract: Clarifying the relationship between internet use and public information security risk perception helps us gain a better understanding of the factors influencing public risk perception. However, the relationship is still under-explored. This paper empirically examines the relationship between internet use and information security risk perception based on data from the 2021 Chinese Social Survey. It was found that whether to use the internet and the frequency of use are both significantly positively correlated with the perception of information security risk. On this basis, the mechanism by which internet use affects public information security risk perceptions is verified from the perspective of interpersonal trust. The mechanism analysis found that interpersonal trust exerts an indirect effect between internet use and perceived information security risk. The findings of this study provide new insights for our further understanding of how internet use affects residents' perceptions of security risk.
Funding: Supported by the Fundamental Research Funds for the Central Universities of CAUC (3122022076); National Natural Science Foundation of China (NSFC) (U2133203).
Abstract: With the exponential increase in information security risks, ensuring the safety of aircraft heavily relies on the accurate performance of risk assessment. However, experts possess a limited understanding of fundamental security elements, such as assets, threats, and vulnerabilities, due to the confidentiality of airborne networks, resulting in cognitive uncertainty. Therefore, the Pythagorean fuzzy Analytic Hierarchy Process (AHP) Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) is proposed to address the expert cognitive uncertainty during information security risk assessment for airborne networks. First, Pythagorean fuzzy AHP is employed to construct an index system and quantify the pairwise comparison matrix for determining the index weights, which is used to solve the expert cognitive uncertainty in the process of evaluating the index system weight of airborne networks. Second, Pythagorean fuzzy TOPSIS is utilized to assess the risk prioritization of airborne networks using the Pythagorean fuzzy weighted distance measure, which is used to address the cognitive uncertainty in the evaluation process of various indicators in airborne network threat scenarios. Finally, a comparative analysis was conducted. The proposed method demonstrated the highest Kendall coordination coefficient of 0.952. This finding indicates superior consistency and confirms the efficacy of the method in addressing expert cognition during information security risk assessment for airborne networks.
Funding: This paper is supported by Beijing Social Science Foundation Project “Simulation of Beijing License Plate Supply and Trading Mechanism Construction” (No. 16GLC039).
Abstract: It will be an important task to improve the ability to use and manage the blockchain and facilitate the development of China’s cyber and digital economy in a safe and benign way during the 14th Five-Year Plan period (2021–2025). The synchronous “shock reduction” of the top-level system is needed to escort the safe and benign development of blockchain as the driving force and potential energy of blockchain development is released at a high speed. As an important prerequisite for exploring the design ideas of the top-level system of blockchain, it is necessary to grasp the international and domestic development opportunity of blockchain and identify its internal and external security risks. During the 14th Five-Year Plan period, China should establish the legislative concept of the organic integration of legal governance and technological governance, establish an effective market competition mechanism driven by the coupling of incentives and regulations, and realize the management synergy between government plans and enterprise strategies. For the sake of promoting the safe and benign development of blockchain, it is the fundamental policy to accelerate blockchain technology development by developing key technologies, advancing the industrial innovation process and strengthening the construction of talent pool. Meanwhile, it is the safeguarding policy to strengthen the top-level system design of blockchain through advancing legislation timely, improving market mechanisms and optimizing governance system.
Abstract: Software-related security aspects are a growing and legitimate concern, especially with 5G data available just at our palms. To conduct research in this field, periodic comparative analysis is needed with the new techniques coming up rapidly. The purpose of this study is to review the recent developments in the field of security integration in the software development lifecycle (SDLC) by analyzing the articles published in the last two decades and to propose a way forward. This review follows Kitchenham’s review protocol. The review has been divided into three main stages including planning, execution, and analysis. From the selected 100 articles, it becomes evident that a collaborative approach is necessary for addressing critical software security risks (CSSRs) through effective risk management/estimation techniques. Quantifying risks using a numeric scale enables a comprehensive understanding of their severity, facilitating focused resource allocation and mitigation efforts. Through a comprehensive understanding of potential vulnerabilities and proactive mitigation efforts facilitated by protection poker, organizations can prioritize resources effectively to ensure the successful outcome of projects and initiatives in today’s dynamic threat landscape. The review reveals that threat analysis and security testing are needed to develop automated tools for the future. Accurate estimation of effort required to prioritize potential security risks is a big challenge in software security. The accuracy of effort estimation can be further improved by exploring new techniques, particularly those involving deep learning. It is also imperative to validate these effort estimation methods to ensure all potential security threats are addressed. Another challenge is selecting the right model for each specific security threat. To achieve a comprehensive evaluation, researchers should use well-known benchmark checklists.
Abstract: The 5G-R network is on the verge of entering the construction stage. Given that the dedicated network for railways is closely linked to train operation safety, there are extremely high requirements for network security. As a result, there is an urgent need to conduct research on 5G-R network security. To comprehensively enhance the end-to-end security protection of the 5G-R network, this study summarized the security requirements of the GSM-R network, analyzed the security risks and requirements faced by the 5G-R network, and proposed an overall 5G-R network security architecture. The security technical schemes were detailed from various aspects: 5G-R infrastructure security, terminal access security, networking security, operation and maintenance security, data security, and network boundary security. Additionally, the study proposed leveraging the 5G-R security situation awareness system to achieve a comprehensive upgrade from basic security technologies to endogenous security capabilities within the 5G-R system.