Šarūnas Grigaliūnas, Michael Schmidt, Rasa Brūzgienė, Panayiota Smyrli, Vladislav Bidikov
A surge in successful Information Security (IS) breaches targeting Research and Education (R&E) institutions highlights a pressing need for enhanced protection. Addressing this, a consortium of European National Research and Education Network (NREN) organizations has developed a unified IS framework. This paper aims to introduce the Security Baseline for NRENs and a security maturity model tailored for R&E entities, derived from established security best practices to meet the specific needs of NRENs, universities, and various research institutions. The models currently in existence do not possess a system to smoothly correlate varying requirement tiers with distinct user groups or scenarios, baseline standards, and existing legislative actions. This segmentation poses a significant hurdle to the community’s capacity to guarantee consistency, congruency, and thorough compliance with a cohesive array of security standards and regulations. By employing taxonomical engineering principles, a mapping of baseline requirements to other security frameworks and regulations has been established. This reveals a correlation across most regulations impacting R&E institutions and uncovers an overlap in the high-level requirements, which is beneficial for the implementation of multiple standards. Consequently, organizations can systematically compare diverse security requirements, pinpoint gaps in their strategy, and formulate a roadmap to bolster their security initiatives.
{"title":"Leveraging Taxonomical Engineering for Security Baseline Compliance in International Regulatory Frameworks","authors":"Šarūnas Grigaliūnas, Michael Schmidt, Rasa Brūzgienė, Panayiota Smyrli, Vladislav Bidikov","doi":"10.3390/fi15100330","DOIUrl":"https://doi.org/10.3390/fi15100330","url":null,"abstract":"A surge in successful Information Security (IS) breaches targeting Research and Education (R&E) institutions highlights a pressing need for enhanced protection. Addressing this, a consortium of European National Research and Education Network (NREN) organizations has developed a unified IS framework. This paper aims to introduce the Security Baseline for NRENs and a security maturity model tailored for R&E entities, derived from established security best practices to meet the specific needs of NRENs, universities, and various research institutions. The models currently in existence do not possess a system to smoothly correlate varying requirement tiers with distinct user groups or scenarios, baseline standards, and existing legislative actions. This segmentation poses a significant hurdle to the community’s capacity to guarantee consistency, congruency, and thorough compliance with a cohesive array of security standards and regulations. By employing taxonomical engineering principles, a mapping of baseline requirements to other security frameworks and regulations has been established. This reveals a correlation across most regulations impacting R&E institutions and uncovers an overlap in the high-level requirements, which is beneficial for the implementation of multiple standards. Consequently, organizations can systematically compare diverse security requirements, pinpoint gaps in their strategy, and formulate a roadmap to bolster their security initiatives.","PeriodicalId":37982,"journal":{"name":"Future Internet","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135301099","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Marwa Abdelreheim, Taysir Hassan A. Soliman, Friederike Klan
The profusion of existing ontologies in different domains has made reusing ontologies a best practice when developing new ontologies. The ontology reuse process reduces the expensive cost of developing a new ontology, in terms of time and effort, and supports semantic interoperability. Existing ontology development tools do not assist in the recommendation of ontologies or their concepts to be reused. Also, existing ontology recommendation tools could suggest whole ontologies covering a set of input keywords without referring to which parts of them (e.g., concepts) can be reused. In this paper, we propose an effective ontology recommendation system that helps the user in the iterative development and reuse of ontologies. The system allows the user to provide explicit preferences about the new ontology, and iteratively guides the user to parts from existing ontologies which match his preferences for reuse. Finally, we developed a prototype of our ontology recommendation system and conducted a user-based evaluation to assess the effectiveness of our approach.
{"title":"A Personalized Ontology Recommendation System to Effectively Support Ontology Development by Reuse","authors":"Marwa Abdelreheim, Taysir Hassan A. Soliman, Friederike Klan","doi":"10.3390/fi15100331","DOIUrl":"https://doi.org/10.3390/fi15100331","url":null,"abstract":"The profusion of existing ontologies in different domains has made reusing ontologies a best practice when developing new ontologies. The ontology reuse process reduces the expensive cost of developing a new ontology, in terms of time and effort, and supports semantic interoperability. Existing ontology development tools do not assist in the recommendation of ontologies or their concepts to be reused. Also, existing ontology recommendation tools could suggest whole ontologies covering a set of input keywords without referring to which parts of them (e.g., concepts) can be reused. In this paper, we propose an effective ontology recommendation system that helps the user in the iterative development and reuse of ontologies. The system allows the user to provide explicit preferences about the new ontology, and iteratively guides the user to parts from existing ontologies which match his preferences for reuse. Finally, we developed a prototype of our ontology recommendation system and conducted a user-based evaluation to assess the effectiveness of our approach.","PeriodicalId":37982,"journal":{"name":"Future Internet","volume":"59 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135301104","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
With the evolution towards the interconnected future internet spanning satellites, aerial systems, terrestrial infrastructure, and oceanic networks, availability modeling becomes imperative to ensure reliable service. This paper presents a methodology to assess end-to-end availability in complex multi-tiered architectures using a Markov model tailored to the unique characteristics of cloud, fog, edge, and IoT layers. By quantifying individual tier reliability and combinations thereof, the approach enables setting availability targets during the design and evaluation of operational systems. In the paper, a methodology is proposed to construct a Markov model for the reliability of discrete tiers and end-to-end service availability in heterogeneous multi-tier cloud–fog–edge networks, and the model is demonstrated through numerical examples assessing availability in multi-tier networks. The numerical examples demonstrate the adaptability of the model to various topologies from conventional three-tier to arbitrary multi-level architectures. As connectivity becomes ubiquitous across heterogeneous devices and networks, the proposed approach and availability modeling provide an effective tool for reinforcing the future internet’s fault tolerance and service quality.
{"title":"End-to-End Service Availability in Heterogeneous Multi-Tier Cloud–Fog–Edge Networks","authors":"Igor Kabashkin","doi":"10.3390/fi15100329","DOIUrl":"https://doi.org/10.3390/fi15100329","url":null,"abstract":"With the evolution towards the interconnected future internet spanning satellites, aerial systems, terrestrial infrastructure, and oceanic networks, availability modeling becomes imperative to ensure reliable service. This paper presents a methodology to assess end-to-end availability in complex multi-tiered architectures using a Markov model tailored to the unique characteristics of cloud, fog, edge, and IoT layers. By quantifying individual tier reliability and combinations thereof, the approach enables setting availability targets during the design and evaluation of operational systems. In the paper, a methodology is proposed to construct a Markov model for the reliability of discrete tiers and end-to-end service availability in heterogeneous multi-tier cloud–fog–edge networks, and the model is demonstrated through numerical examples assessing availability in multi-tier networks. The numerical examples demonstrate the adaptability of the model to various topologies from conventional three-tier to arbitrary multi-level architectures. As connectivity becomes ubiquitous across heterogeneous devices and networks, the proposed approach and availability modeling provide an effective tool for reinforcing the future internet’s fault tolerance and service quality.","PeriodicalId":37982,"journal":{"name":"Future Internet","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135350929","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Łukasz Piotr Łuczak, Przemysław Ignaciuk, Michał Morawski
In today’s digital era, the demand for uninterrupted and efficient data streaming is paramount across various sectors, from entertainment to industrial automation. While the traditional single-path solutions often fell short in ensuring rapid and consistent data transfers, Multipath TCP (MPTCP) emerges as a promising alternative, enabling simultaneous data transfer across multiple network paths. The efficacy of MPTCP, however, hinges on the choice of appropriate congestion control (CC) algorithms. Addressing the present knowledge gap, this research provides a thorough evaluation of key MPTCP CC algorithms in the context of streaming applications in open Internet environments. Our findings reveal that BALIA stands out as the most suitable choice for MPTCP streaming, adeptly balancing waiting time, throughput, and Head-of-Line blocking reduction. Conversely, the wVegas algorithm, with its delay-centric approach, proves less adequate for multipath streaming. This study underscores the imperative to fine-tune MPTCP for streaming applications, at the same time offering insights for future development areas and innovations.
{"title":"Evaluating MPTCP Congestion Control Algorithms: Implications for Streaming in Open Internet","authors":"Łukasz Piotr Łuczak, Przemysław Ignaciuk, Michał Morawski","doi":"10.3390/fi15100328","DOIUrl":"https://doi.org/10.3390/fi15100328","url":null,"abstract":"In today’s digital era, the demand for uninterrupted and efficient data streaming is paramount across various sectors, from entertainment to industrial automation. While the traditional single-path solutions often fell short in ensuring rapid and consistent data transfers, Multipath TCP (MPTCP) emerges as a promising alternative, enabling simultaneous data transfer across multiple network paths. The efficacy of MPTCP, however, hinges on the choice of appropriate congestion control (CC) algorithms. Addressing the present knowledge gap, this research provides a thorough evaluation of key MPTCP CC algorithms in the context of streaming applications in open Internet environments. Our findings reveal that BALIA stands out as the most suitable choice for MPTCP streaming, adeptly balancing waiting time, throughput, and Head-of-Line blocking reduction. Conversely, the wVegas algorithm, with its delay-centric approach, proves less adequate for multipath streaming. This study underscores the imperative to fine-tune MPTCP for streaming applications, at the same time offering insights for future development areas and innovations.","PeriodicalId":37982,"journal":{"name":"Future Internet","volume":"99 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135592441","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yong Yu, Shudong Chen, Rong Du, Da Tong, Hao Xu, Shuai Chen
Temporal knowledge graphs play an increasingly prominent role in scenarios such as social networks, finance, and smart cities. As such, research on temporal knowledge graphs continues to deepen. In particular, research on temporal knowledge graph reasoning holds great significance, as it can provide abundant knowledge for downstream tasks such as question answering and recommendation systems. Current reasoning research focuses primarily on interpolation and extrapolation. Extrapolation research aims to predict the likelihood of events occurring in future timestamps. Historical events are crucial for predicting future events. However, existing models struggle to fully capture the evolutionary characteristics of historical knowledge graphs. This paper proposes a multi-scale evolutionary network (MSEN) model that leverages Hierarchical Transfer aware Graph Neural Network (HT-GNN) in a local memory encoder to aggregate rich structural semantics from each timestamp’s knowledge graph. It also utilizes Time Related Graph Neural Network (TR-GNN) in a global memory encoder to model temporal-semantic dependencies of entities across the global knowledge graph, mining global evolutionary patterns. The model integrates information from both encoders to generate entity embeddings for predicting future events. The proposed MSEN model demonstrates strong performance compared to several baselines on typical benchmark datasets. Results show MSEN achieves the highest prediction accuracy.
{"title":"MSEN: A Multi-Scale Evolutionary Network for Modeling the Evolution of Temporal Knowledge Graphs","authors":"Yong Yu, Shudong Chen, Rong Du, Da Tong, Hao Xu, Shuai Chen","doi":"10.3390/fi15100327","DOIUrl":"https://doi.org/10.3390/fi15100327","url":null,"abstract":"Temporal knowledge graphs play an increasingly prominent role in scenarios such as social networks, finance, and smart cities. As such, research on temporal knowledge graphs continues to deepen. In particular, research on temporal knowledge graph reasoning holds great significance, as it can provide abundant knowledge for downstream tasks such as question answering and recommendation systems. Current reasoning research focuses primarily on interpolation and extrapolation. Extrapolation research aims to predict the likelihood of events occurring in future timestamps. Historical events are crucial for predicting future events. However, existing models struggle to fully capture the evolutionary characteristics of historical knowledge graphs. This paper proposes a multi-scale evolutionary network (MSEN) model that leverages Hierarchical Transfer aware Graph Neural Network (HT-GNN) in a local memory encoder to aggregate rich structural semantics from each timestamp’s knowledge graph. It also utilizes Time Related Graph Neural Network (TR-GNN) in a global memory encoder to model temporal-semantic dependencies of entities across the global knowledge graph, mining global evolutionary patterns. The model integrates information from both encoders to generate entity embeddings for predicting future events. The proposed MSEN model demonstrates strong performance compared to several baselines on typical benchmark datasets. Results show MSEN achieves the highest prediction accuracy.","PeriodicalId":37982,"journal":{"name":"Future Internet","volume":"2014 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"136343849","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Against the backdrop of rising road traffic accident rates, measures to prevent road traffic accidents have always been a pressing issue in Taiwan. Road traffic accidents are mostly caused by speeding and roadway obstacles, especially in the form of rockfalls, potholes, and car crashes (involving damaged cars and overturned cars). To address this, it was necessary to design a real-time detection system that could detect speed limit signs, rockfalls, potholes, and car crashes, which would alert drivers to make timely decisions in the event of an emergency, thereby preventing secondary car crashes. This system would also be useful for alerting the relevant authorities, enabling a rapid response to the situation. In this study, a hierarchical deep-learning-based object detection model is proposed based on You Only Look Once v7 (YOLOv7) and mask region-based convolutional neural network (Mask R-CNN) algorithms. In the first level, YOLOv7 identifies speed limit signs and rockfalls, potholes, and car crashes. In the second level, Mask R-CNN subdivides the speed limit signs into nine categories (30, 40, 50, 60, 70, 80, 90, 100, and 110 km/h). The images used in this study consisted of screen captures of dashcam footage as well as images obtained from the Tsinghua-Tencent 100K dataset, Google Street View, and Google Images searches. During model training, we employed Gaussian noise and image rotation to simulate poor weather conditions as well as obscured, slanted, or twisted objects. Canny edge detection was used to enhance the contours of the detected objects and accentuate their features. The combined use of these image-processing techniques effectively increased the quantity and variety of images in the training set. During model testing, we evaluated the model’s performance based on its mean average precision (mAP). The experimental results showed that the mAP of our proposed model was 8.6 percentage points higher than that of the YOLOv7 model—a significant improvement in the overall accuracy of the model. In addition, we tested the model using videos showing different scenarios that had not been used in the training process, finding the model to have a rapid response time and a lower overall mean error rate. To summarize, the proposed model is a good candidate for road safety detection.
在道路交通意外率不断上升的背景下,如何预防道路交通意外一直是台湾迫切需要解决的问题。道路交通事故主要是由超速和道路障碍引起的,特别是以落石、坑洞和车祸(包括损坏的汽车和翻倒的汽车)的形式。为了解决这个问题,有必要设计一个实时检测系统,可以检测限速标志、落石、坑洞和车祸,提醒司机在紧急情况下及时做出决定,从而防止二次车祸。这一系统也有助于向有关当局发出警报,使其能够迅速对局势作出反应。在本研究中,提出了一种基于You Only Look Once v7 (YOLOv7)和基于mask区域的卷积神经网络(mask R-CNN)算法的分层深度学习目标检测模型。在第一关,YOLOv7识别限速标志、落石、坑洞和车祸。在第二层,Mask R-CNN将限速标志细分为9类(30,40,50,60,70,80,90,100和110 km/h)。本研究中使用的图像包括行车记录仪镜头的屏幕截图,以及从清华-腾讯100K数据集、谷歌街景和谷歌图像搜索中获得的图像。在模型训练过程中,我们使用高斯噪声和图像旋转来模拟恶劣的天气条件以及遮挡、倾斜或扭曲的物体。采用精细边缘检测增强被检测物体的轮廓,突出其特征。这些图像处理技术的结合使用有效地增加了训练集中图像的数量和种类。在模型测试中,我们根据其平均精度(mAP)来评估模型的性能。实验结果表明,我们提出的模型的mAP比YOLOv7模型提高了8.6个百分点,显著提高了模型的整体精度。此外,我们使用训练过程中未使用的不同场景的视频对模型进行了测试,发现该模型具有快速的响应时间和较低的总体平均错误率。综上所述,该模型是道路安全检测的理想选择。
{"title":"Application of an Effective Hierarchical Deep-Learning-Based Object Detection Model Integrated with Image-Processing Techniques for Detecting Speed Limit Signs, Rockfalls, Potholes, and Car Crashes","authors":"Yao-Liang Chung","doi":"10.3390/fi15100322","DOIUrl":"https://doi.org/10.3390/fi15100322","url":null,"abstract":"Against the backdrop of rising road traffic accident rates, measures to prevent road traffic accidents have always been a pressing issue in Taiwan. Road traffic accidents are mostly caused by speeding and roadway obstacles, especially in the form of rockfalls, potholes, and car crashes (involving damaged cars and overturned cars). To address this, it was necessary to design a real-time detection system that could detect speed limit signs, rockfalls, potholes, and car crashes, which would alert drivers to make timely decisions in the event of an emergency, thereby preventing secondary car crashes. This system would also be useful for alerting the relevant authorities, enabling a rapid response to the situation. In this study, a hierarchical deep-learning-based object detection model is proposed based on You Only Look Once v7 (YOLOv7) and mask region-based convolutional neural network (Mask R-CNN) algorithms. In the first level, YOLOv7 identifies speed limit signs and rockfalls, potholes, and car crashes. In the second level, Mask R-CNN subdivides the speed limit signs into nine categories (30, 40, 50, 60, 70, 80, 90, 100, and 110 km/h). The images used in this study consisted of screen captures of dashcam footage as well as images obtained from the Tsinghua-Tencent 100K dataset, Google Street View, and Google Images searches. During model training, we employed Gaussian noise and image rotation to simulate poor weather conditions as well as obscured, slanted, or twisted objects. Canny edge detection was used to enhance the contours of the detected objects and accentuate their features. The combined use of these image-processing techniques effectively increased the quantity and variety of images in the training set. During model testing, we evaluated the model’s performance based on its mean average precision (mAP). The experimental results showed that the mAP of our proposed model was 8.6 percentage points higher than that of the YOLOv7 model—a significant improvement in the overall accuracy of the model. In addition, we tested the model using videos showing different scenarios that had not been used in the training process, finding the model to have a rapid response time and a lower overall mean error rate. To summarize, the proposed model is a good candidate for road safety detection.","PeriodicalId":37982,"journal":{"name":"Future Internet","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135387281","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Medina Ayta Mohammed, Carmen De-Pablos-Heredero, José Luis Montes Botella
Central bank-issued digital currencies have sparked significant interest and are currently the subject of extensive research, owing to their potential for rapid settlement, low fees, accessibility, and automated monetary policies. However, central bank digital currencies are still in their infancy and the levels of adoption vary significantly between nations, with a few countries seeing widespread adoption. We used partial least squares structural equation modeling to investigate the nonlinear relationship between key national development indicators and central bank digital deployment across 67 countries. We explore the technological, environmental, legal, and economic factors that affect central bank digital currency adoption by country. We found a statistically significant and positive correlation between countries’ central bank digital currency adoption status and a country’s level of democracy and public confidence in governance, and a negative association between regulatory quality and income inequality. There was no significant association between countries’ central bank digital currency adoption status and their level of network readiness, foreign exchange reserves, and sustainable development goal rank. Thus, we posit that a country that is highly democratic and has good governance adopts central bank digital currencies more readily than others. Based on our findings, we suggested areas for additional research and highlighted policy considerations related to the wider adoption of central bank digital currency.
{"title":"Exploring the Factors Affecting Countries’ Adoption of Blockchain-Enabled Central Bank Digital Currencies","authors":"Medina Ayta Mohammed, Carmen De-Pablos-Heredero, José Luis Montes Botella","doi":"10.3390/fi15100321","DOIUrl":"https://doi.org/10.3390/fi15100321","url":null,"abstract":"Central bank-issued digital currencies have sparked significant interest and are currently the subject of extensive research, owing to their potential for rapid settlement, low fees, accessibility, and automated monetary policies. However, central bank digital currencies are still in their infancy and the levels of adoption vary significantly between nations, with a few countries seeing widespread adoption. We used partial least squares structural equation modeling to investigate the nonlinear relationship between key national development indicators and central bank digital deployment across 67 countries. We explore the technological, environmental, legal, and economic factors that affect central bank digital currency adoption by country. We found a statistically significant and positive correlation between countries’ central bank digital currency adoption status and a country’s level of democracy and public confidence in governance, and a negative association between regulatory quality and income inequality. There was no significant association between countries’ central bank digital currency adoption status and their level of network readiness, foreign exchange reserves, and sustainable development goal rank. Thus, we posit that a country that is highly democratic and has good governance adopts central bank digital currencies more readily than others. Based on our findings, we suggested areas for additional research and highlighted policy considerations related to the wider adoption of central bank digital currency.","PeriodicalId":37982,"journal":{"name":"Future Internet","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135387410","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Adam Lockett, Ioannis Chalkias, Cagatay Yucel, Jane Henriksen-Bulmer, Vasilis Katos
Technologies providing copyright-infringing IPTV content are commonly used as an illegal alternative to legal IPTV subscriptions and services, as they usually have lower monetary costs and can be more convenient for users who follow content from different sources. These infringing IPTV technologies may include websites, software, software add-ons, and physical set-top boxes. Due to the free or low cost of illegal IPTV technologies, illicit IPTV content providers will often resort to intrusive advertising, scams, and the distribution of malware to increase their revenue. We developed an automated solution for collecting and analysing malware from illegal IPTV technologies and used it to analyse a sample of illicit IPTV websites, application (app) stores, and software. Our results show that our IPTV Technologies Malware Analysis Framework (IITMAF) classified 32 of the 60 sample URLs tested as malicious compared to running the same test using publicly available online antivirus solutions, which only detected 23 of the 60 sample URLs as malicious. Moreover, the IITMAF also detected malicious URLs and files from 31 of the sample’s websites, one of which had reported ransomware behaviour.
{"title":"Investigating IPTV Malware in the Wild","authors":"Adam Lockett, Ioannis Chalkias, Cagatay Yucel, Jane Henriksen-Bulmer, Vasilis Katos","doi":"10.3390/fi15100325","DOIUrl":"https://doi.org/10.3390/fi15100325","url":null,"abstract":"Technologies providing copyright-infringing IPTV content are commonly used as an illegal alternative to legal IPTV subscriptions and services, as they usually have lower monetary costs and can be more convenient for users who follow content from different sources. These infringing IPTV technologies may include websites, software, software add-ons, and physical set-top boxes. Due to the free or low cost of illegal IPTV technologies, illicit IPTV content providers will often resort to intrusive advertising, scams, and the distribution of malware to increase their revenue. We developed an automated solution for collecting and analysing malware from illegal IPTV technologies and used it to analyse a sample of illicit IPTV websites, application (app) stores, and software. Our results show that our IPTV Technologies Malware Analysis Framework (IITMAF) classified 32 of the 60 sample URLs tested as malicious compared to running the same test using publicly available online antivirus solutions, which only detected 23 of the 60 sample URLs as malicious. Moreover, the IITMAF also detected malicious URLs and files from 31 of the sample’s websites, one of which had reported ransomware behaviour.","PeriodicalId":37982,"journal":{"name":"Future Internet","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135425075","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Traditional information security risk assessment (RA) methodologies and standards, adopted by information security management systems and frameworks as a foundation stone towards robust environments, face many difficulties in modern environments where the threat landscape changes rapidly and new vulnerabilities are being discovered. In order to overcome this problem, dynamic risk assessment (DRA) models have been proposed to continuously and dynamically assess risks to organisational operations in (near) real time. The aim of this work is to analyse the current state of DRA models that have been proposed for cybersecurity, through a systematic literature review. The screening process led us to study 50 DRA models, categorised based on the respective primary analysis methods they used. The study provides insights into the key characteristics of these models, including the maturity level of the examined models, the domain or application area in which these models flourish, and the information they utilise in order to produce results. The aim of this work is to answer critical research questions regarding the development of dynamic risk assessment methodologies and provide insights on the already developed methods as well as future research directions.
{"title":"Dynamic Risk Assessment in Cybersecurity: A Systematic Literature Review","authors":"Pavlos Cheimonidis, Konstantinos Rantos","doi":"10.3390/fi15100324","DOIUrl":"https://doi.org/10.3390/fi15100324","url":null,"abstract":"Traditional information security risk assessment (RA) methodologies and standards, adopted by information security management systems and frameworks as a foundation stone towards robust environments, face many difficulties in modern environments where the threat landscape changes rapidly and new vulnerabilities are being discovered. In order to overcome this problem, dynamic risk assessment (DRA) models have been proposed to continuously and dynamically assess risks to organisational operations in (near) real time. The aim of this work is to analyse the current state of DRA models that have been proposed for cybersecurity, through a systematic literature review. The screening process led us to study 50 DRA models, categorised based on the respective primary analysis methods they used. The study provides insights into the key characteristics of these models, including the maturity level of the examined models, the domain or application area in which these models flourish, and the information they utilise in order to produce results. The aim of this work is to answer critical research questions regarding the development of dynamic risk assessment methodologies and provide insights on the already developed methods as well as future research directions.","PeriodicalId":37982,"journal":{"name":"Future Internet","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135424943","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Due to the proliferation of large language models (LLMs) and their widespread use in applications such as ChatGPT, there has been a significant increase in interest in AI over the past year. Multiple researchers have raised the question: how will AI be applied and in what areas? Programming, including the generation, interpretation, analysis, and documentation of static program code based on promptsis one of the most promising fields. With the GPT API, we have explored a new aspect of this: static analysis of the source code of front-end applications at the endpoints of the data path. Our focus was the detection of the CWE-653 vulnerability—inadequately isolated sensitive code segments that could lead to unauthorized access or data leakage. This type of vulnerability detection consists of the detection of code segments dealing with sensitive data and the categorization of the isolation and protection levels of those segments that were previously not feasible without human intervention. However, we believed that the interpretive capabilities of GPT models could be explored to create a set of prompts to detect these cases on a file-by-file basis for the applications under study, and the efficiency of the method could pave the way for additional analysis tasks that were previously unavailable for automation. In the introduction to our paper, we characterize in detail the problem space of vulnerability and weakness detection, the challenges of the domain, and the advances that have been achieved in similarly complex areas using GPT or other LLMs. Then, we present our methodology, which includes our classification of sensitive data and protection levels. This is followed by the process of preprocessing, analyzing, and evaluating static code. This was achieved through a series of GPT prompts containing parts of static source code, utilizing few-shot examples and chain-of-thought techniques that detected sensitive code segments and mapped the complex code base into manageable JSON structures.Finally, we present our findings and evaluation of the open source project analysis, comparing the results of the GPT-based pipelines with manual evaluations, highlighting that the field yields a high research value. The results show a vulnerability detection rate for this particular type of model of 88.76%, among others.
{"title":"A New Approach to Web Application Security: Utilizing GPT Language Models for Source Code Inspection","authors":"Zoltán Szabó, Vilmos Bilicki","doi":"10.3390/fi15100326","DOIUrl":"https://doi.org/10.3390/fi15100326","url":null,"abstract":"Due to the proliferation of large language models (LLMs) and their widespread use in applications such as ChatGPT, there has been a significant increase in interest in AI over the past year. Multiple researchers have raised the question: how will AI be applied and in what areas? Programming, including the generation, interpretation, analysis, and documentation of static program code based on promptsis one of the most promising fields. With the GPT API, we have explored a new aspect of this: static analysis of the source code of front-end applications at the endpoints of the data path. Our focus was the detection of the CWE-653 vulnerability—inadequately isolated sensitive code segments that could lead to unauthorized access or data leakage. This type of vulnerability detection consists of the detection of code segments dealing with sensitive data and the categorization of the isolation and protection levels of those segments that were previously not feasible without human intervention. However, we believed that the interpretive capabilities of GPT models could be explored to create a set of prompts to detect these cases on a file-by-file basis for the applications under study, and the efficiency of the method could pave the way for additional analysis tasks that were previously unavailable for automation. In the introduction to our paper, we characterize in detail the problem space of vulnerability and weakness detection, the challenges of the domain, and the advances that have been achieved in similarly complex areas using GPT or other LLMs. Then, we present our methodology, which includes our classification of sensitive data and protection levels. This is followed by the process of preprocessing, analyzing, and evaluating static code. This was achieved through a series of GPT prompts containing parts of static source code, utilizing few-shot examples and chain-of-thought techniques that detected sensitive code segments and mapped the complex code base into manageable JSON structures.Finally, we present our findings and evaluation of the open source project analysis, comparing the results of the GPT-based pipelines with manual evaluations, highlighting that the field yields a high research value. The results show a vulnerability detection rate for this particular type of model of 88.76%, among others.","PeriodicalId":37982,"journal":{"name":"Future Internet","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135424945","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: