Search results

With the rapid development of Internet technology, cybersecurity threats such as security loopholes, data leaks, network fraud, and ransomware have become increasingly prominent, and organized and purposeful cyberattacks have increased, posing more challenges to cybersecurity protection. Therefore, reliable network risk assessment methods and effective network security protection schemes are urgently needed.

Based on the dynamic behavior patterns of attackers and defenders, a Bayesian network attack graph is constructed, and a multitarget risk dynamic assessment model is proposed based on network availability, network utilization impact and vulnerability attack possibility. Then, the self-organizing multiobjective evolutionary algorithm based on grey wolf optimization is proposed. And the authors use this algorithm to solve the multiobjective risk assessment model, and a variety of different attack strategies are obtained.

The experimental results demonstrate that the method yields 29 distinct attack strategies, and then attacker's preferences can be obtained according to these attack strategies. Furthermore, the method efficiently addresses the security assessment problem involving multiple decision variables, thereby providing constructive guidance for the construction of security network, security reinforcement and active defense.

A method for network risk assessment methods is given. And this study proposed a multiobjective risk dynamic assessment model based on network availability, network utilization impact and the possibility of vulnerability attacks. The example demonstrates the effectiveness of the method in addressing network security risks.

The aim of this study is o examine the advantages and disadvantages of different existing scoring systems in the cybersecurity domain and their applicability to the AEC industry and to systematically apply a scoring system to determine scores for some of the most significant construction participants.

This study proposes a methodology that uses the Common Vulnerability Scoring System (CVSS) to calculate scores and the likelihood of occurrence based on communication frequencies to ultimately determine risk categories for different paths in a construction network. As a proof of concept, the proposed methodology is implemented in a construction network from a real project found in the literature.

Results show that the proposed methodology could provide valuable information to assist project participants to assess the overall cybersecurity vulnerability of construction and assist during the vulnerability-management processes. For example, a project owner can use this information to get a better understanding of what to do to limit its vulnerability, which will lead to the overall improvement of the security of the construction network.

It has to be noted that the scoring systems, the scores and categories adopted in the study need not necessarily be an exact representation of all the construction participants or networks. Therefore, caution should be exercised to avoid generalizing the results of this study.

The proposed methodology can provide valuable information and assist project participants to assess the overall cyber-vulnerability of construction projects and support the vulnerability-management processes. For example, a project owner can use this approach to get a better understanding of what to do to limit its cyber-vulnerability exposure, which will ultimately lead to the overall improvement of the construction network's security. This study will also help raise more awareness about the cybersecurity implications of the digitalization and automation of the AEC industry among practitioners and construction researchers.

Given the amount of digitized services and tools used in the AEC industry, cybersecurity is increasingly becoming critical for society in general. In some cases, (e.g. critical infrastructure) incidents could have significant economic and societal or public safety implications. Therefore, proper consideration and action from the AEC research community and industry are needed.

To the authors' knowledge, this is the first attempt to measure and assess the cybersecurity of individual participants and the construction network as a whole by using the Common Vulnerability Scoring System.

The paper addresses various cyber threats and their effects on the internet. A review of the literature on intrusion detection systems (IDSs) as a means of mitigating internet attacks is presented, and gaps in the research are identified. The purpose of this paper is to identify the limitations of the current research and presents future directions for intrusion/malware detection research.

The paper presents a review of the research literature on IDSs, prior to identifying research gaps and limitations and suggesting future directions.

The popularity of the internet makes it vulnerable against various cyber-attacks. Ongoing research on intrusion detection methods aims to overcome the limitations of earlier approaches to internet security. However, findings from the literature review indicate a number of different limitations of existing techniques: poor accuracy, high detection time, and low flexibility in detecting zero-day attacks.

This paper provides a review of major issues in intrusion detection approaches. On the basis of a systematic and detailed review of the literature, various research limitations are discovered. Clear and concise directions for future research are provided.

Large supply and computer networks contain heterogeneous information and correlation among their components, and are distributed across a large geographical region. This paper aims to investigate and develop a generic knowledge integration framework that can handle the challenges posed in complex network management. It also seeks to examine this framework in various applications of essential management tasks in different infrastructures.

Efficient information and knowledge integration technologies are key to capably handling complex networks. An adaptive fusion framework is proposed that takes advantage of dependency modelling, active configuration planning and scheduling, and quality assurance of knowledge integration. The paper uses cases of supply network risk management and computer network attack correlation (NAC) to elaborate the problem and describe various applications of this generic framework.

Information and knowledge integration becomes increasingly important, enabled by technologies to collect and process data dynamically, and faces enormous challenges in handling escalating complexity. Representing these systems into an appropriate network model and integrating the knowledge in the model for decision making, directed by information and complexity measures, provide a promising approach. The preliminary results based on a Bayesian network model support the proposed framework.

First, the paper discussed and defined the challenges and requirements faced by knowledge integration in complex networks. Second, it proposed a knowledge integration framework that systematically models various network structures and adaptively integrates knowledge, based on dependency modelling and information theory. Finally, it used a conceptual Bayesian model to elaborate the application to supply chain risk management and computer NAC of this promising framework.

With the introduction of graph structure learning into service classification, more accurate graph structures can significantly improve the precision of service classification. However, existing graph structure learning methods tend to rely on a single information source when attempting to eliminate noise in the original graph structure and lack consideration for the graph generation mechanism. To address this problem, this paper aims to propose a graph structure estimation neural network-based service classification (GSESC) model.

First, this method uses the local smoothing properties of graph convolutional networks (GCN) and combines them with the stochastic block model to serve as the graph generation mechanism. Next, it constructs a series of observation sets reflecting the intrinsic structure of the service from different perspectives to minimize biases introduced by a single information source. Subsequently, it integrates the observation model with the structural model to calculate the posterior distribution of the graph structure. Finally, it jointly optimizes GCN and the graph estimation process to obtain the optimal graph.

The authors conducted a series of experiments on the API data set and compared it with six baseline methods. The experimental results demonstrate the effectiveness of the GSESC model in service classification.

This paper argues that the data set used for service classification exhibits a strong community structure. In response to this, the paper innovatively applies a graph-based learning model that considers the underlying generation mechanism of the graph to the field of service classification and achieves good results.

In the recent era, banking infrastructure constructs various remotely handled platforms for users. However, the security risk toward the banking sector has also elevated, as it is visible from the rising number of reported attacks against these security systems. Intelligence shows that cyberattacks of the crawlers are increasing. Malicious crawlers can crawl the Web pages, crack the passwords and reap the private data of the users. Besides, intrusion detection systems in a dynamic environment provide more false positives. The purpose of this research paper is to propose an efficient methodology to sense the attacks for creating low levels of false positives.

In this research, the authors have developed an efficient approach for malicious crawler detection and correlated the security alerts. The behavioral features of the crawlers are examined for the recognition of the malicious crawlers, and a novel methodology is proposed to improvise the bank user portal security. The authors have compared various machine learning strategies including Bayesian network, support sector machine (SVM) and decision tree.

This proposed work stretches in various aspects. Initially, the outcomes are stated for the mixture of different kinds of log files. Then, distinct sites of various log files are selected for the construction of the acceptable data sets. Session identification, attribute extraction, session labeling and classification were held. Moreover, this approach clustered the meta-alerts into higher level meta-alerts for fusing multistages of attacks and the various types of attacks.

This methodology used incremental clustering techniques and analyzed the probability of existing topologies in SVM classifiers for more deterministic classification. It also enhanced the taxonomy for various domains.

The global electronic equipment industry has evolved into one of the most innovative technology-based business sectors to transpire in the last three decades. Much of its success has been attributed to effective supply chain management. The purpose of this paper is to provide an examination of external risk factors associated with the industry’s key suppliers through the creation of Bayesian networks which can be used to benchmark external risks among these suppliers.

The study sample consists of the suppliers to seven of the leading global electronic equipment companies. Bayesian networks are used as a methodology for examining the supplier external risk profiles of the study sample.

The results of this study show that Bayesian networks can be effectively used to assist managers in making decisions regarding current and prospective suppliers with respect to their potential impact on supply chains as illustrated through their corresponding external risk profiles.

A limitation to the use of Bayesian networks for modeling external risk profiles is the proper identification of risk events and risk categories that can impact a supply chain.

The methodology used in this study can be adopted by managers to assist them in making decisions regarding current or prospective suppliers vis-à-vis their corresponding external risk profiles.

As part of a comprehensive supplier risk management program, companies along with their suppliers can develop specific strategies and tactics to minimize the effects of supply chain external risk events.

As organizations increase their dependence on supply chain networks, they become more susceptible to their suppliers’ disaster risk profiles, as well as other categories of risk associated with supply chains. Therefore, it is imperative that supply chain network participants are capable of assessing the disaster risks associated with their supplier base. The purpose of this paper is to assess the supplier disaster risks, which are a key element of external risk in supply chains.

The study participants are 15 automotive casting suppliers who display a significant degree of disaster risks to a major US automotive company. Bayesian networks are used as a methodology for examining the supplier disaster risk profiles for these participants.

The results of this study show that Bayesian networks can be effectively used to assist managers in making decisions regarding current and prospective suppliers vis-à-vis their potential revenue impact as illustrated through their corresponding disaster risk profiles.

A limitation to the use of Bayesian networks for modeling disaster risk profiles is the proper identification of risk events and risk categories that can impact a supply chain.

The methodology used in this study can be adopted by managers to assist them in making decisions regarding current or prospective suppliers vis-à-vis their corresponding disaster risk profiles.

As part of a comprehensive supplier risk management program, organizations along with their suppliers can develop specific strategies and tactics to minimize the effects of supply chain disaster risk events.

To counteract the effects of global competition, many organizations have extended their enterprises by forming supply chain networks. However, as organizations increase their dependence on these networks, they become more vulnerable to their suppliers' risk profiles. The purpose of this paper is to present a methodology for modeling and evaluating risk profiles in supply chains via Bayesian networks.

Empirical data from 15 casting suppliers to a major US automotive company are analyzed using Bayesian networks. The networks provide a methodological approach for determining a supplier's external, operational, and network risk probability, and the potential revenue impact a supplier can have on the company.

Bayesian networks can be used to develop supplier risk profiles to determine the risk exposure of a company's revenue stream. The supplier risk profiles can be used to determine those risk events which have the largest potential impact on an organization's revenues, and the highest probability of occurrence.

A limitation to the use of Bayesian networks to model supply chain risks is the proper identification of risk events and risk categories that can impact a supply chain.

The methodology used in this study can be adopted by managers to formulate supply chain risk management strategies and tactics which mitigate overall supply chain risks.

The methodology used in this study can be used by organizations to reduce supply chain risks which yield numerous societal benefits.

As part of a comprehensive supplier risk management program, organizations along with their suppliers can develop targeted approaches to minimize the occurrence of supply chain risk events.

The paper aims to build the connections between game theory and the resource allocation problem with general uncertainty. It proposes modeling the distributed resource allocation problem by Bayesian game. During this paper, three basic kinds of uncertainties are discussed. Therefore, the purpose of this paper is to build the connections between game theory and the resource allocation problem with general uncertainty.

In this paper, the Bayesian game is proposed for modeling the resource allocation problem with uncertainty. The basic game theoretical model contains three parts: agents, utility function, and decision-making process. Therefore, the probabilistic weighted Shapley value (WSV) is applied to design the utility function of the agents. For achieving the Bayesian Nash equilibrium point, the rational learning method is introduced for optimizing the decision-making process of the agents.

The paper provides empirical insights about how the game theoretical model deals with the resource allocation problem uncertainty. A probabilistic WSV function was proposed to design the utility function of agents. Moreover, the rational learning was used to optimize the decision-making process of agents for achieving Bayesian Nash equilibrium point. By comparing with the models with full information, the simulation results illustrated the effectiveness of the Bayesian game theoretical methods for the resource allocation problem under uncertainty.

This paper designs a Bayesian theoretical model for the resource allocation problem under uncertainty. The relationships between the Bayesian game and the resource allocation problem are discussed.