Search results

Advances in machine learning (ML) have made significant contributions to the development of intelligent and autonomous systems leading to concerns about resilience of such systems against cyberattacks. This paper aims to report findings from a quantitative analysis of literature within ML security to assess current research trends in ML security.

The study focuses on statistical analysis of literature published between 2000 and 2023, providing quantitative research contributions targeting authors, countries and interdisciplinary studies of organizations. This paper reports existing surveys and a comparison of publications of attacks on ML and its in-demand security. Furthermore, an in-depth study of keywords, citations and collaboration is presented to facilitate deeper analysis of this literature.

Trends identified between 2021 and 2022 highlight an increase in focus on adversarial ML – 40\% more publications compared to 2020–2022 with more than 90\% publications in journals. This paper has also identified trends with respect to citations, keywords analysis, annual publications, co-author citations and geographical collaboration highlighting China and the USA as the countries with highest publications count and Biggio B. as the researcher with collaborative strength of 143 co-authors which highlight significant pollination of ideas and knowledge. Keyword analysis highlighted deep learning and computer vision as the most common domains for adversarial attacks due to the potential to perturb images whilst being challenging to identify issues in deep learning because of complex architecture.

The study presented in this paper identifies research trends, author contributions and open research challenges that can facilitate further research in this domain.

Cybersecurity has received growing attention from academic researchers and industry practitioners as a strategy to accelerate performance gains and social sustainability. Meanwhile, firms are usually prone to cyber-risks that emanate from their supply chain partners especially third-party logistics providers (3PLs). Thus, it is crucial to implement cyber-risks management in 3PLs to achieve social sustainability in supply chains. However, these 3PLs are faced with critical difficulties which tend to hamper the consistent growth of cybersecurity. This paper aims to analyze these critical difficulties.

Data were sourced from 40 managers in Nigerian 3PLs with the aid of questionnaires. A novel quantitative methodology based on the synergetic combination of interval-valued neutrosophic analytic hierarchy process (IVN-AHP) and multi-objective optimization on the basis of a ratio analysis plus the full multiplicative form (MULTIMOORA) is applied. Sensitivity analysis and comparative analysis with other decision models were conducted.

Barriers were identified from published literature, finalized using experts’ inputs and classified under organizational, institutional and human (cultural values) dimensions. The results highlight the most critical dimension as human followed by organizational and institutional. Also, the results pinpointed indigenous beliefs (e.g. cyber-crime spiritualism), poor humane orientation, unavailable specific tools for managing cyber-risks and skilled workforce shortage as the most critical barriers that show the highest potential to elicit other barriers.

By illustrating the most significant barriers, this study will assist policy makers and industry practitioners in developing strategies in a coordinated and sequential manner to overcome these barriers and thus, achieve socially sustainable supply chains.

This research pioneers the use of IVN-AHP-MULTIMOORA to analyze cyber-risks management barriers in 3PLs for supply chain social sustainability in a developing nation.

In the field of cryptography, authentication, secrecy and identification can be accomplished by use of secret keys for any computer-based system. The need to acquire certificates endorsed through CA to substantiate users for the barter of encoded communications is one of the most significant constraints for the extensive recognition of PKC, as the technique takes too much time and susceptible to error. PKC’s certificate and key management operating costs are reduced with IBC. IBE is a crucial primeval in IBC. The thought behind presenting the IBE scheme was to diminish the complexity of certificate and key management, but it also gives rise to key escrow and key revocation problem, which provides access to unauthorised users for the encrypted information.

This paper aims to compare the result of IIBES with the existing system and to provide security analysis for the same and the proposed system can be used for the security in federated learning.

Furthermore, it can be implemented using other encryption/decryption algorithms like elliptic curve cryptography (ECC) to compare the execution efficiency. The proposed system can be used for the security in federated learning.

As a result, a novel enhanced IBE scheme: IIBES is suggested and implemented in JAVA programming language using RSA algorithm, which eradicates the key escrow problem through eliminating the need for a KGC and key revocation problem by sing sub-KGC (SKGC) and a shared secret with nonce. IIBES also provides authentication through IBS as well as it can be used for securing the data in federated learning.

To remain competitive in an unpredictable environment where the complexity and frequency of cybercrime are rapidly increasing, a cyber resiliency strategy is vital for business continuity. However, one of the barriers to improving cyber resilience is that security defense and accident recovery do not combine efficaciously, as embodied by emphasizing cyber security defense strategies, leaving firms ill-prepared to respond to attacks. The present study thus develops an expected resilience framework to assess cyber resilience, analyze cyber security defense and recovery investment strategies and balance security investment allocation strategies.

Based on the expected utility theory, this paper presents an expected resilience framework, including an expected investment resilience model and an expected profit resilience model that directly addresses the optimal joint investment decisions between defense and recovery. The effects of linear and nonlinear recovery functions, risk interdependence and cyber insurance on defense and recovery investment are also analyzed.

According to the findings, increasing the defense investment coefficient reduces defense and recovery investment while increasing the expected resilience. The nonlinear recovery function requires a smaller defense investment and overall security investment than the linear one, reflecting the former’s advantages in lowering cybersecurity costs. Moreover, risk interdependence has positive externalities for boosting defense and recovery investment, meaning that the expected profit resilience model can reduce free-riding behavior in security investments. Insurance creates moral hazard for firms by lowering defensive investment, yet after purchasing insurance, expanded coverage and cost-effectiveness incentivize firms to increase defense and recovery spending, respectively.

The paper is innovative in its methodology as it offers an expected cyber resilience framework for integrating defense and recovery investment and their effects on security investment allocation, which is crucial for building cybersecurity resilience but receives little attention in cybersecurity economics. It also provides theoretical advances for cyber resilience assessment and optimum investment allocation in other fields, such as cyber-physical systems, power and water infrastructure – moving from a resilience triangle metric to an expected utility theory-based method.

Although cloud storage services can bring users valuable convenience, they can be technically complex and intrinsically insecure. Therefore, this research explores the concerns of academic users regarding cloud security and technical issues and how such problems may influence their continuous use in daily life.

This qualitative study used a semi-structured interview approach comprising six main open-ended questions to explore the information security and technical issues for the continuous use of cloud storage services by 20 undergraduate students in Hong Kong.

The analysis revealed cloud storage service users' major security and technical concerns, particularly synchronization and backup issues, were the most significant technical barrier to the continuing personal use of cloud storage services.

Existing literature has focused on how cloud computing services could bring benefits and security and privacy-related risks to organizations rather than security and technical issues of personal use, especially in the Asian academic context.

This paper aims to provide the security and privacy for Byzantine clients from different types of attacks.

In this paper, the authors use Federated Learning Algorithm Based On Matrix Mapping For Data Privacy over Edge Computing.

By using Softmax layer probability distribution for model byzantine tolerance can be increased from 40% to 45% in the blocking-convergence attack, and the edge backdoor attack can be stopped.

By using Softmax layer probability distribution for model the results of the tests, the aggregation method can protect at least 30% of Byzantine clients.

In the cloud-computing environment, privacy preservation and enabling security to the cloud data is a crucial and demanding task. In both the commercial and academic world, the privacy of important and sensitive data needs to be safeguarded from unauthorized users to improve its security. Therefore, several key generations, encryption and decryption algorithms are developed for data privacy preservation in the cloud environment. Still, the outsourced data remains with the problems like minimum data security, time consumption and increased computational complexity. The purpose of this research study is to develop an effective cryptosystem algorithm to secure the outsourced data with minimum computational complexity.

A new cryptosystem algorithm is proposed in this paper to address the above-mentioned concerns. The introduced cryptosystem algorithm has combined the ElGamal algorithm and hyperchaotic sequence, which effectively encrypts the outsourced data and diminishes the computational complexity of the system.

In the resulting section, the proposed improved ElGamal cryptosystem (IEC) algorithm performance is validated using the performance metrics like encryption time, execution time, decryption time and key generation comparison time. The IEC algorithm approximately reduced 0.08–1.786 ms of encryption and decryption time compared to the existing model: secure data deletion and verification.

The IEC algorithm significantly enhances the data security in cloud environments by increasing the power of key pairs. In this manuscript, the conventional ElGamal algorithm is integrated with the pseudorandom sequences for a pseudorandom key generation for improving the outsourced cloud data security.

Adverse cyber events, like death and taxes, have become inevitable. They are an increasingly common feature of organisational life. Their aftermaths are a critical and under-examined context and dynamic space within which to examine trust. In this paper, we address this deficit.

Drawing on pertinent theory and reports of empirical studies, we outline the basis of two alternative subsequent trajectories, drawing out the relationships between trust, vulnerability and emotion, both positive and negative, in the aftermath of an adverse cyber event.

We combine stage theory and social information processing theories to delineate the dynamics of trust processes and their multilevel trajectories during adverse cyber event aftermaths. We consider two response trajectories to chart the way vulnerability arises at different levels within these social systems to create self-reinforcing trust and distrust spirals. These ripple out to impact multiple levels of the organisation by either amplifying or relieving vulnerability.

The way adverse cyber events aftermaths are managed has immediate and long-term consequences for organisational stakeholders. Actions impact resilience and the ability to preserve the social fabric of the organisations. Subsequent trajectories can be “negative” or “positive”. The “negative” trajectory is characterised by efforts to identify and punish the employee whose actions facilitated the adverse events, i.e. the “who”. Public scapegoating might follow thereby amplifying perceived vulnerability and reducing trust across the board. By contrast, the “positive” trajectory relieves perceived vulnerability by focusing on, and correcting, situational causatives. Here, the focus is on the “what” and “why” of the event.

We raise the importance of responding in a constructive way to adverse cyber events.

The aftermaths of cyber attacks in organisations are a critical, neglected context. We explore the interplay between trust and vulnerability and its implications for management “best practice”.