Search results

1 – 10 of over 1000
Article
Publication date: 25 September 2019

Nabil Moukafih, Ghizlane Orhanou and Said Elhajji

Abstract

Purpose

This paper aims to propose a mobile agent-based security information and event management architecture (MA-SIEM) that uses mobile agents for near real-time event collection and normalization on the source device. The externalization of the normalization process, executed by several distributed mobile agents on interconnected computers and devices, proposes a SIEM server dedicated mainly for correlation and analysis.

Design/methodology/approach

The architecture has been proposed in three stages. In the first step, the authors described the different aspects of the proposed approach. Then they implemented the proposed architecture and presented a new vision for the insertion of normalized data into the SIEM database. Finally, the authors performed a numerical comparison between the approach used in the proposed architecture and that of existing SIEM systems.

Findings

The results of the experiments showed that MA-SIEM systems are more efficient than existing SIEM systems because they leave the SIEM resources primarily dedicated to advanced correlation analysis. In addition, this paper takes into account realistic scenarios and use-cases and proposes a fully automated process for transferring normalized events in near real time to the SIEM server for further analysis using mobile agents.

Originality/value

The work provides new insights into the normalization of security-related events using light mobile agents.

Details

Information & Computer Security, vol. 28 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 8 October 2018

Natalia Miloslavskaya

Abstract

Purpose

Nowadays, to operate securely and legally and to achieve business objectives, secure valuable assets and support uninterrupted business processes, all organizations need to match a lot of internal and external compliance regulations such as laws, standards, guidelines, policies, specifications and procedures. An integrated system able to manage information security (IS) for their intranets in the new cyberspace while processing tremendous amounts of IS-related data coming in various formats is required as never before. These data, after being collected and analyzed, should be evaluated in real-time from an IS incident viewpoint, to identify an incident’s source, consider its type, weigh its consequences, visualize its vector, associate all target systems, prioritize countermeasures and offer mitigation solutions with weighted impact relevance. Different security information and event management (SIEM) systems cope with this routine and usually complicated work by rapid detection of IS incidents and further appropriate response. Modern challenges dictate the need to build these systems using advanced technologies such as the blockchain (BC) technologies (BCTs). The purpose of this study is to design a new BC-based SIEM 3.0 system and propose a methodology for its evaluation.

Design/methodology/approach

Modern challenges dictate the need to build these systems using advanced technologies such as the BC technologies. Many internet resources argue that the BCT suits the intrusion detection objectives very well, but they do not mention how to implement it.

Findings

After a brief analysis of the BC concept and the evolution of SIEM systems, this paper presents the main ideas on designing the next-generation BC-based SIEM 3.0 systems, for the first time in open access publications, including a convolution method for solving the scalability issue for ever-growing BC size. This new approach makes it possible not to simply modify SIEM systems in an evolutionary manner, but to bring their next generation to a qualitatively new and higher level of IS event management in the future.

Research limitations/implications

The most important area of the future work is to bring this proposed system to life. The implementation, deployment and testing onto a real-world network would also allow people to see its viability or show that a more sophisticated model should be worked out. After developing the design basics, we are ready to determine the directions of the most promising studies. What are the main criteria and principles, according to which the organization will select events from PEL for creating one BC block? What is the optimal number of nodes in the organization’s BC, depending on its network assets, services provided and the number of events that occur in its network? How to build and host the SIEM 3.0 BC infrastructure? How to arrange streaming analytics of block’s content containing events taking place in the network? How to design the BC middleware as software that enables staff to interact with BC blocks to provide services like IS events correlation? How to visualize the results obtained to find insights and patterns in historical BC data for better IS management? How to predict the emergence of IS events in the future? This list of questions can be continued indefinitely for a full-fledged design of SIEM 3.0.

Practical implications

This paper shows the full applicability of the BC concept to the creation of the next-generation SIEM 3.0 systems that are designed to detect IS incidents in a modern, fully interconnected organization’s network environment. The authors’ attempt to begin with a detailed description of the basics for a BC-based SIEM 3.0 system design is presented, as well as the evaluation methodology for the resulting product.

Originality/value

The authors believe that their new revolutionary approach makes it possible not to simply modify SIEM systems in an evolutionary manner, but to bring their next generation to a qualitatively new and higher level of IS event management in the future. They hope that this paper will evoke a lively response in this segment of the security controls market from both theorists and direct developers of living systems that will implement the above approach.

Article
Publication date: 27 September 2022

Aamna Tariq, Jawad Manzoor, Muhammad Ammar Aziz, Zain Ul Abideen Tariq and Ammar Masood

Abstract

Purpose

The security of applications, systems and networks has always been the source of great concern for both enterprises and common users. Different security tools like intrusion detection system/intrusion prevention system and firewalls are available that provide preventive security to the enterprise networks. However, security information and event management (SIEM) systems use these tools in combination to collect events from diverse data sources across the network. SIEM is a proactive tool that processes the events to present a unified security view of the whole network at one location. SIEM system has, therefore, become an essential component of an enterprise network security architecture. However, from various options available, the selection of a suitable and cost-effective open source SIEM solution that can effectively meet most of the security requirements of small-to-medium-sized enterprises (SMEs) is not simple because of the lack of strong analysis.

Design/methodology/approach

In this work, the authors first review the security challenges faced by different SME sectors and then consider a comprehensive comparative analysis of the capabilities of well-known open source SIEM solutions. Based on this, the authors provide requirements based recommendations of open source SIEM solutions for SMEs. This paper aims to provide a valuable resource that can be referred to by SMEs for the selection of a SIEM system best suited to their organization’s security posture.

Findings

Security requirements of SMEs vary according to their network infrastructure; therefore, every open source SIEM solution would not be suitable for an SME. Selection of a SIEM solution from available open source solutions based upon the security requirements of an SME network is a critical task. Therefore, in this work, a meaningful insight for the selection of an appropriate SIEM solution for SMEs is provided.

Originality/value

The major contribution of this work is the mapping of the security requirements of the SME sectors under consideration, against the open source SIEM options to provide meaningful insight for SMEs in the selection of an appropriate solution.

Details

Information & Computer Security, vol. 31 no. 1
Type: Research Article
ISSN: 2056-4961

Book part
Publication date: 15 April 2020

Jean-Jacques Laffont, Isabelle Perrigne, Michel Simioni and Quang Vuong

Abstract

This chapter develops a structural framework for the analysis of scoring procurement auctions where bidder’s quality and bid are taken into account. With exogenous quality, the authors characterize the optimal mechanism whether the buyer is private or public and show that the optimal scoring rule need not be linear in the bid. The model primitives include the buyer benefit function, the bidders’ cost inefficiencies distribution and cost function, and potentially the cost of public funds. We show that the model primitives are nonparametrically identified under mild functional assumptions from the buyer’s choice, firms’ bids and qualities. The authors then develop a multistep kernel-based procedure to estimate the model primitives and provide their convergence rates. Our identification and estimation results are general as they apply to other scoring rules including quasi-linear ones.

Details

Essays in Honor of Cheng Hsiao
Type: Book
ISBN: 978-1-78973-958-9

Article
Publication date: 3 November 2020

Jagroop Kaur and Jaswinder Singh

Abstract

Purpose

Normalization is an important step in all the natural language processing applications that are handling social media text. The text from social media poses a different kind of problems that are not present in regular text. Recently, a considerable amount of work has been done in this direction, but mostly in the English language. People who do not speak English code mixed the text with their native language and posted text on social media using the Roman script. This kind of text further aggravates the problem of normalizing. This paper aims to discuss the concept of normalization with respect to code-mixed social media text, and a model has been proposed to normalize such text.

Design/methodology/approach

The system is divided into two phases – candidate generation and most probable sentence selection. Candidate generation task is treated as machine translation task where the Roman text is treated as source language and Gurmukhi text is treated as the target language. Character-based translation system has been proposed to generate candidate tokens. Once candidates are generated, the second phase uses the beam search method for selecting the most probable sentence based on hidden Markov model.

Findings

Character error rate (CER) and bilingual evaluation understudy (BLEU) score are reported. The proposed system has been compared with Akhar software and RB_R2G system, which are also capable of transliterating Roman text to Gurmukhi. The performance of the system outperforms Akhar software. The CER and BLEU scores are 0.268121 and 0.6807939, respectively, for ill-formed text.

Research limitations/implications

It was observed that the system produces dialectical variations of a word or the word with minor errors like diacritic missing. Spell checker can improve the output of the system by correcting these minor errors. Extensive experimentation is needed for optimizing language identifier, which will further help in improving the output. The language model also seeks further exploration. Inclusion of wider context, particularly from social media text, is an important area that deserves further investigation.

Practical implications

The practical implications of this study are: (1) development of parallel dataset containing Roman and Gurmukhi text; (2) development of dataset annotated with language tag; (3) development of the normalizing system, which is first of its kind and proposes translation based solution for normalizing noisy social media text from Roman to Gurmukhi. It can be extended for any pair of scripts. (4) The proposed system can be used for better analysis of social media text. Theoretically, our study helps in better understanding of text normalization in social media context and opens the doors for further research in multilingual social media text normalization.

Originality/value

Existing research work focuses on normalizing monolingual text. This study contributes towards the development of a normalization system for multilingual text.

Details

International Journal of Intelligent Computing and Cybernetics, vol. 13 no. 4
Type: Research Article
ISSN: 1756-378X

Article
Publication date: 11 February 2019

Nikolaos Serketzis, Vasilios Katos, Christos Ilioudis, Dimitrios Baltatzis and George J. Pangalos

Abstract

Purpose

The purpose of this paper is to formulate a novel model for enhancing the effectiveness of existing digital forensic readiness (DFR) schemes by leveraging the capabilities of cyber threat information sharing.

Design/methodology/approach

This paper uses a quantitative methodology to identify the most popular cyber threat intelligence (CTI) elements and introduces a lightweight approach to correlate those with potential forensic value, resulting in the quick and accurate triaging and identification of patterns of malicious activities.

Findings

While threat intelligence exchange steadily becomes a common practice for the prevention or detection of security incidents, the proposed approach highlights its usefulness for the digital forensics (DF) domain.

Originality/value

The proposed model can help organizations to improve their DFR posture, and thus minimize the time and cost of cybercrime incidents.

Details

Information & Computer Security, vol. 27 no. 2
Type: Research Article
ISSN: 2056-4961

Open Access
Article
Publication date: 28 February 2023

Joseph Kopecky

Abstract

Purpose

This paper explores the empirical relationship between population age structure and bilateral trade.

Design/methodology/approach

The author includes age structure in both log and Poisson pseudo-maximum likelihood (PPML) formulations of the gravity equation of trade. The author studies relative age effects, using differences in the demographic structure of each country-pair.

Findings

The author finds that a relatively larger share of population in working age increases bilateral exports. This is robust to various estimation models, as well as to changes in the method of specifying the demographic controls. Old-age shares have a negative, but less robustly estimated impact on trade. Estimating instead the balance of trade between trading partners produces similar results, with positive effects of age structure peaking later in working life.

Practical implications

Global populations are poised to undergo a massive transition. Trade is a crucial way that the demographic deficits of one country may be offset by the dividends of another as comparative advantages shift along with the size and strength of their underlying workforce.

Originality/value

The author’s work is among the first to quantify the effect of relative age structure between two countries and their bilateral trade flows. Focusing on the aggregate flows, relative age shares and PPML estimates of the trade relationship, this paper provides the most comprehensive picture to date on how age structure affects trade.

Details

Journal of Economic Studies, vol. 50 no. 8
Type: Research Article
ISSN: 0144-3585

Article
Publication date: 30 January 2024

Mahnaz Ensafi, Walid Thabet and Deniz Besiktepe

Abstract

Purpose

The aim of this paper was to study current practices in FM work order processing to support and improve decision-making. Processing and prioritizing work orders constitute a critical part of facilities and maintenance management practices given the large amount of work orders submitted daily. User-driven approaches (UDAs) are currently more prevalent for processing and prioritizing work orders but have challenges including inconsistency and subjectivity. Data-driven approaches can provide an advantage over user-driven ones in work-order processing; however, specific data requirements need to be identified to collect and process the functional data needed while achieving more consistent and accurate results.

Design/methodology/approach

This paper presents the findings of an online survey conducted with facility management (FM) experts who are directly or indirectly involved in processing work orders in building maintenance.

Findings

The findings reflect the current practices of 71 survey participants on data requirements, criteria selection, rankings, with current shortcomings and challenges in prioritizing work orders. In addition, differences between criteria and their ranking within participants’ experience, facility types and facility sizes are investigated. The findings of the study provide a snapshot of the current practices in FM work order processing, which aids in developing a comprehensive framework to support data-driven decision-making and address the challenges with UDAs.

Originality/value

Although previous studies have explored the use of selected criteria for processing and prioritizing work orders, this paper investigated a comprehensive list of criteria used by various facilities for processing work orders. Furthermore, previous studies are focused on the processing and prioritization stage, whereas this paper explored the data collected following the completion of the maintenance tasks and the benefits it can provide for processing future work orders. In addition, previous studies have focused on one specific stage of work order processing, whereas this paper investigated the common data between different stages of work order processing for enhanced FM.

Details

Facilities, vol. 42 no. 5/6
Type: Research Article
ISSN: 0263-2772

Book part
Publication date: 22 November 2012

Eric R. Sims

Abstract

A state space representation of a linearized DSGE model implies a VAR in terms of observable variables. The model is said to be non-invertible if there exists no linear rotation of the VAR innovations which can recover the economic shocks. Non-invertibility arises when the observed variables fail to perfectly reveal the state variables of the model. The imperfect observation of the state drives a wedge between the VAR innovations and the deep shocks, potentially invalidating conclusions drawn from structural impulse response analysis in the VAR. The principal contribution of this chapter is to show that non-invertibility should not be thought of as an “either/or” proposition – even when a model has a non-invertibility, the wedge between VAR innovations and economic shocks may be small, and structural VARs may nonetheless perform reliably. As an increasingly popular example, so-called “news shocks” generate foresight about changes in future fundamentals – such as productivity, taxes, or government spending – and lead to an unassailable missing state variable problem and hence non-invertible VAR representations. Simulation evidence from a medium scale DSGE model augmented with news shocks about future productivity reveals that structural VAR methods often perform well in practice, in spite of a known non-invertibility. Impulse responses obtained from VARs closely correspond to the theoretical responses from the model, and the estimated VAR responses are successful in discriminating between alternative, nested specifications of the underlying DSGE model. Since the non-invertibility problem is, at its core, one of missing information, conditioning on more information, for example through factor augmented VARs, is shown to either ameliorate or eliminate invertibility problems altogether.

Details

DSGE Models in Macroeconomics: Estimation, Evaluation, and New Developments
Type: Book
ISBN: 978-1-78190-305-6

Article
Publication date: 29 June 2010

Sumit K. Majumdar

Abstract

Purpose

This paper aims to evaluate the impact of competitor entry on efficiency outcome in two‐sided network context.

Design/methodology/approach

The context is the population of incumbent firms making up the local exchange segment of the telecommunications industry in the US over a 14‐year period from 1988 to 2001.

Findings

The results show that encouraging the entry of competitors had led quite substantially to the enhancement of efficiencies for the incumbent firms.

Practical implications

A policy conclusion would be to enhance the incentives for new firms to enter two‐sided markets and also suppress anti‐competitive behavior by incumbents in such contexts with a firm hand so as to enhance efficiency levels.

Originality/value

This is a comprehensive analysis of policy changes in one of the world's largest telecommunications markets and the results have applicability across several other country contexts.

Details

info, vol. 12 no. 4
Type: Research Article
ISSN: 1463-6697
