论保密管理专业的保密技术方向与网络空间安全学科

在信息安全二级学科15年的发展基础上,近期,国务院学位委员会批准在"工学"门类下增设"网络空间安全"一级学科. 另外,管理学门类下的一个二级学科保密管理的技术方向,经过近10年发展,与网络空间安全的学科建设既密切相关,又有所区别. 本文结合网络空间安全的学科特点,重点分析保密管理专业的技术方向与之的融合与扩展,试图探讨这二者在专业建设和人才培养上的一些新规律、新趋势.     

Massively parallel acceleration of a document-similarity classifier to detect web attacks

This paper describes our approach to adapting a text document similarity classifier based on the Term Frequency Inverse Document Frequency (TFIDF) metric to two massively multi-core hardware platforms. The TFIDF classifier is used to detect web attacks in HTTP data. In our parallel hardware approaches, we design streaming, real time classifiers by simplifying the sequential algorithm and manipulating the classifier’s model to allow decision information to be represented compactly. Parallel implementations on the Tilera 64-core System on Chip and the Xilinx Virtex 5-LX FPGA are presented. For the Tilera, we employ a reduced state machine to recognize dictionary terms without requiring explicit tokenization, and achieve throughput of 37 MB/s at a slightly reduced accuracy. For the FPGA, we have developed a set of software tools to help automate the process of converting training data to synthesizable hardware and to provide a means of trading off between accuracy and resource utilization. The Xilinx Virtex 5-LX implementation requires 0.2% of the memory used by the original algorithm. At 166 MB/s (80X the software) the hardware implementation is able to achieve Gigabit network throughput at the same accuracy as the original algorithm.     

Challenges and research directions for heterogeneous cyber–physical system based on IEC 61850: Vulnerabilities,security requirements,and security architecture

IEC 61850, an international standard for communication networks, is becoming prevalent in the cyber–physical system (CPS) environment, especially with regard to the electrical grid. Recently, since cyber threats in the CPS environment have increased, security matters for individual protocols used in this environment are being discussed at length. However, there have not been many studies on the types of new security vulnerabilities and the security requirements that are required in a heterogeneous protocol environment based on IEC 61850. In this paper, we examine the electrical grid in Korea, and discuss security vulnerabilities, security requirements, and security architectures in such an environment.     

Cybersecurity through the lens of Digital Identity and Data Protection: Issues and Trends

The use of a secure and robust digital identification system that is capable of protecting privacy is an essential, reliable and user-friendly element for a strong cyber resilience strategy and is a source of new business opportunities and applications for banks, private sector with a return on their investment.The march towards Digital Identity is well underway therefore, focus should be on both adoption and adaption of the new structures and regulations. These are needed to govern the associated services and transactions as well as establishing laws that enforce penalties for violations.There is no doubt then that more and more entities and institutions would move to the cloud. Security challenges affecting the cloud may not be new but the mode of addressing them would be different. The authors develop a Data Colouring technique for securing data processed or stored on both cloud and non-cloud platforms. The technique combines Public Key Infrastructure (PKI), concatenated fingerprints and digital watermarking. Using this technique, data can be secured at creation or during storage and remains secure during processing.     

基于可信计算构筑物联网安全边界

近年来，中国物联网政策支持力度不断加大，技术创新成果接连涌现，各领域应用持续深化，产业规模保持快速增长。本论文以物联网接入边界为切入点，探讨了物联网安全接入问题的解决方案。设计了基于可信计算3.0的物联网可信网关，以及安全管理中心，构建了可信的物联网安全边界接入系统。为各种异构物联网终端设备提供了安全屏障，隔绝了针对于物联网设备的网络安全威胁。     

Multilayer Self-Defense System to Protect Enterprise Cloud

A data breach can seriously impact organizational intellectual property, resources, time, and product value. The risk of system intrusion is augmented by the intrinsic openness of commonly utilized technologies like TCP/IP protocols. As TCP relies on IP addresses, an attacker may easily trace the IP address of the organization. Given that many organizations run the risk of data breach and cyber-attacks at a certain point, a repeatable and well-developed incident response framework is critical to shield them. Enterprise cloud possesses the challenges of security, lack of transparency, trust and loss of controls. Technology eases quickens the processing of information but holds numerous risks including hacking and confidentiality problems. The risk increases when the organization outsources the cloud storage services through the vendor and suffers from security breaches and need to create security systems to prevent data networks from being compromised. The business model also leads to insecurity issues which derail its popularity. An attack mitigation system is the best solution to protect online services from emerging cyber-attacks. This research focuses on cloud computing security, cyber threats, machine learning-based attack detection, and mitigation system. The proposed SDN-based multilayer machine learning-based self-defense system effectively detects and mitigates the cyber-attack and protects cloud-based enterprise solutions. The results show the accuracy of the proposed machine learning techniques and the effectiveness of attack detection and the mitigation system.     

Deployment of cybersecurity for managing traffic efficiency and safety in smart cities

Boosting the concept of smart cities for implementing an intelligent management of traffic congestion while reducing cybersecurity concerns will not only be more efficient for reducing traffic congestion but also more resilient to cyber incidents. In this paper we proposed a framework that can act as a generalized firewall and work interactively with several critical infrastructures in a smart city to protect the respective operations from a variety of cyber threats. The objective is to develop several steps for a comprehensive traffic management framework in smart cities that facilitates the cooperation among drivers and between drivers and the traffic management authority. The transformative nature of the proposed study supports its applications to a variety of networked critical infrastructures, including electricity, gas, water, rails, and telecommunications, as they intend to respond effectively to a wide range of weather- or human-related disruptions. The contributions of this paper include: Improving the traffic management performance in urban transportation systems, assessing and mitigating the cybersecurity risk in urban traffic management, and facilitating efficient and cyber-secure traffic management in metropolitan areas; Developing and testing an interactive simulation platform for evaluating the traffic management performance under various traffic conditions; Validating and demonstrating the applications in a practical urban transportation system; Disseminating the proposed study results to a wide range of concerned audiences via user-group meetings, detailed education forums, and a close collaboration with the local traffic management authority.     

A Vine Copula Model for Predicting the Effectiveness of Cyber Defense Early-Warning

Internet-based computer information systems play critical roles in many aspects of modern society. However, these systems are constantly under cyber attacks that can cause catastrophic consequences. To defend these systems effectively, it is necessary to measure and predict the effectiveness of cyber defense mechanisms. In this article, we investigate how to measure and predict the effectiveness of an important cyber defense mechanism that is known as early-warning. This turns out to be a challenging problem because we must accommodate the dependence among certain four-dimensional time series. In the course of using a dataset to demonstrate the prediction methodology, we discovered a new nonexchangeable and rotationally symmetric dependence structure, which may be of independent value. We propose a new vine copula model to accommodate the newly discovered dependence structure, and show that the new model can predict the effectiveness of early-warning more accurately than the others. We also discuss how to use the prediction methodology in practice.     

A Practical Approach to Constructing a Knowledge Graph for Cybersecurity

Cyberattack forms are complex and varied, and the detection and prediction of dynamic types of attack are always challenging tasks. Research on knowledge graphs is becoming increasingly mature in many fields. At present, it is very significant that certain scholars have combined the concept of the knowledge graph with cybersecurity in order to construct a cybersecurity knowledge base. This paper presents a cybersecurity knowledge base and deduction rules based on a quintuple model. Using machine learning, we extract entities and build ontology to obtain a cybersecurity knowledge base. New rules are then deduced by calculating formulas and using the path-ranking algorithm. The Stanford named entity recognizer (NER) is also used to train an extractor to extract useful information. Experimental results show that the Stanford NER provides many features and the useGazettes parameter may be used to train a recognizer in the cybersecurity domain in preparation for future work.     

Search and Rescue Optimization with Machine Learning Enabled Cybersecurity Model

Presently, smart cities play a vital role to enhance the quality of living among human beings in several ways such as online shopping, e-learning, e-healthcare, etc. Despite the benefits of advanced technologies, issues are also existed from the transformation of the physical word into digital word, particularly in online social networks (OSN). Cyberbullying (CB) is a major problem in OSN which needs to be addressed by the use of automated natural language processing (NLP) and machine learning (ML) approaches. This article devises a novel search and rescue optimization with machine learning enabled cybersecurity model for online social networks, named SRO-MLCOSN model. The presented SRO-MLCOSN model focuses on the identification of CB that occurred in social networking sites. The SRO-MLCOSN model initially employs Glove technique for word embedding process. Besides, a multiclass-weighted kernel extreme learning machine (M-WKELM) model is utilized for effectual identification and categorization of CB. Finally, Search and Rescue Optimization (SRO) algorithm is exploited to fine tune the parameters involved in the M-WKELM model. The experimental validation of the SRO-MLCOSN model on the benchmark dataset reported significant outcomes over the other approaches with precision, recall, and F1-score of 96.24%, 98.71%, and 97.46% respectively.