Zhijie Fan, Bo Yang, Jing Peng, Bingsen Pei, Changsong Zheng, Xin Li
This paper studies the collection of large-scale log data of information system and puts forward a dynamic adaptive mechanism for large-scale unified log data collection. Furthermore, we design and implement our method for pan-government industry safety operation management platform. The data flow processing architecture based on message queue is adopted to realize the decoupling of log collection, log processing and log reporting. The traffic peak clipping technology of message queue is adopted to ensure the safety and reliability of log transmission. According to the characteristics of log traffic, a design mode supporting dynamic adjustment of consumption group is proposed to meet the high-performance requirements of the system. The whole system can meet the centralized analysis, security threat perception and intelligent analysis of various security data. Meanwhile, we analyzed and compared with the traditional open-source log collection technology, our proposed method and system has clear advantages.
{"title":"Dynamic Adaptive Mechanism Design and Implementation in VSS for Large-Scale Unified Log Data Collection","authors":"Zhijie Fan, Bo Yang, Jing Peng, Bingsen Pei, Changsong Zheng, Xin Li","doi":"10.4018/ijisp.349569","DOIUrl":"https://doi.org/10.4018/ijisp.349569","url":null,"abstract":"This paper studies the collection of large-scale log data of information system and puts forward a dynamic adaptive mechanism for large-scale unified log data collection. Furthermore, we design and implement our method for pan-government industry safety operation management platform. The data flow processing architecture based on message queue is adopted to realize the decoupling of log collection, log processing and log reporting. The traffic peak clipping technology of message queue is adopted to ensure the safety and reliability of log transmission. According to the characteristics of log traffic, a design mode supporting dynamic adjustment of consumption group is proposed to meet the high-performance requirements of the system. The whole system can meet the centralized analysis, security threat perception and intelligent analysis of various security data. Meanwhile, we analyzed and compared with the traditional open-source log collection technology, our proposed method and system has clear advantages.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.5,"publicationDate":"2024-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141923611","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In the contemporary era of the internet, safeguarding children's rights emerges as a critical concern necessitating immediate attention. Given children's heightened vulnerability within society, the legal framework must prioritize their protection, reinforcing their agency and safeguarding their rights through legislative measures. This study proposes an innovative differential clustering algorithm specifically designed to uphold children's rights. Through rigorous experimentation, the algorithm achieves an Adjusted Rand Index (ARI) approaching 2, showcasing its effectiveness in offering targeted differential protection for children's rights while maintaining high clustering precision. The paper emphasizes the importance of noise reduction through iterative central point optimization to stabilize cluster configurations, with the fusion of multiple clusters serving to mitigate noise impacts on data points and yield robust clustering outcomes. Consequently, this research delivers reliable clustering results while preserving the confidentiality of children's rights information.
{"title":"Enhancing Legal Protection of Children's Rights in the “Internet Plus”","authors":"Binjing Li, Wendong Yu","doi":"10.4018/ijisp.349898","DOIUrl":"https://doi.org/10.4018/ijisp.349898","url":null,"abstract":"In the contemporary era of the internet, safeguarding children's rights emerges as a critical concern necessitating immediate attention. Given children's heightened vulnerability within society, the legal framework must prioritize their protection, reinforcing their agency and safeguarding their rights through legislative measures. This study proposes an innovative differential clustering algorithm specifically designed to uphold children's rights. Through rigorous experimentation, the algorithm achieves an Adjusted Rand Index (ARI) approaching 2, showcasing its effectiveness in offering targeted differential protection for children's rights while maintaining high clustering precision. The paper emphasizes the importance of noise reduction through iterative central point optimization to stabilize cluster configurations, with the fusion of multiple clusters serving to mitigate noise impacts on data points and yield robust clustering outcomes. Consequently, this research delivers reliable clustering results while preserving the confidentiality of children's rights information.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.5,"publicationDate":"2024-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141802094","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Dual-domain terminal with two built-in independent operating systems - Life Domain and Work Domain, provides convenience for daily use and mobile office. However, the security isolation between the two domains also causes that message reminders cannot be delivered and viewed across domains, which restricts the improvement of work efficiency and the expansion of mobile services. This paper conducts an in-depth study on this pain point and proposes the concept and implementation method of a cross-domain instant messaging reminder service system for mobile office, focusing on solving the problems of: cross-domain isolated boundary exchange of message reminders, timeliness and delivery rate guarantee of message reminders, and security check filtering of message contents. Technically, on the side of mobile office platform, based on AMQP technical framework and protocol, the cross-domain isolated border message queue push and synchronization services are built, which are real-time, reliable and high-throughput.
{"title":"Improved Message Mechanism-Based Cross-Domain Security Control Model in Mobile Terminals","authors":"Zhiwei Cao, Zhijie Fan, Boan Chen, Zidong Cheng, Shijun Xu, Xin Li","doi":"10.4018/ijisp.347987","DOIUrl":"https://doi.org/10.4018/ijisp.347987","url":null,"abstract":"Dual-domain terminal with two built-in independent operating systems - Life Domain and Work Domain, provides convenience for daily use and mobile office. However, the security isolation between the two domains also causes that message reminders cannot be delivered and viewed across domains, which restricts the improvement of work efficiency and the expansion of mobile services. This paper conducts an in-depth study on this pain point and proposes the concept and implementation method of a cross-domain instant messaging reminder service system for mobile office, focusing on solving the problems of: cross-domain isolated boundary exchange of message reminders, timeliness and delivery rate guarantee of message reminders, and security check filtering of message contents. Technically, on the side of mobile office platform, based on AMQP technical framework and protocol, the cross-domain isolated border message queue push and synchronization services are built, which are real-time, reliable and high-throughput.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.5,"publicationDate":"2024-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141812103","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Power grid construction significantly enhances power grid management and risk control. Inconsistent operations at construction sites can jeopardize grid stability and crew safety. Traditional power lines are less favored due to mobility limitations, while batteries add burden and impracticality. To address this, a wireless power transfer and video monitoring system is developed using RF technology and Yolo V3 model. This enables continuous monitoring and employee safety analysis. The system's detection performance is optimized using HPSO, surpassing existing methods in accuracy and speed. It ensures real-time monitoring and improves the detection of potential risk sources, crucial for construction site safety.
{"title":"Intelligent Video Monitoring and Analysis System for Power Grid Construction Site Safety Using Wireless Power Transfer","authors":"Xinyuan Liu, Hongyang He","doi":"10.4018/ijisp.347878","DOIUrl":"https://doi.org/10.4018/ijisp.347878","url":null,"abstract":"Power grid construction significantly enhances power grid management and risk control. Inconsistent operations at construction sites can jeopardize grid stability and crew safety. Traditional power lines are less favored due to mobility limitations, while batteries add burden and impracticality. To address this, a wireless power transfer and video monitoring system is developed using RF technology and Yolo V3 model. This enables continuous monitoring and employee safety analysis. The system's detection performance is optimized using HPSO, surpassing existing methods in accuracy and speed. It ensures real-time monitoring and improves the detection of potential risk sources, crucial for construction site safety.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.5,"publicationDate":"2024-07-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141829836","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Fares Alharbi, Gautam Siddharth Kashyap, B. Allehyani
This paper details the implementation of a Web crawler aimed at automating ruleset construction for “HTTPS Everywhere,” with a goal to convert HTTP URLs to secure HTTPS equivalents for enhanced communication security. Developed within a seven-month timeframe, the crawler faced challenges in verifying HTTPS support, varying based on SSL certificate existence and validity. Successful ruleset creation and testing in Firefox and Chrome, adhering to stylistic standards, demonstrated the potential for effective development. The paper explores improving productivity through alternative libraries like Scrapy and Scrapy Cloud. While certain goals, such as in-depth cryptocurrency analysis and web crawler background reading, were unmet due to time constraints, valuable insights were gained. The conclusion underscores the difficulties, successes, and promises of automating ruleset generation through web crawlers for “HTTPS Everywhere,” offering valuable recommendations for advancing web security.
{"title":"Automated Ruleset Generation for “HTTPS Everywhere”","authors":"Fares Alharbi, Gautam Siddharth Kashyap, B. Allehyani","doi":"10.4018/ijisp.347330","DOIUrl":"https://doi.org/10.4018/ijisp.347330","url":null,"abstract":"This paper details the implementation of a Web crawler aimed at automating ruleset construction for “HTTPS Everywhere,” with a goal to convert HTTP URLs to secure HTTPS equivalents for enhanced communication security. Developed within a seven-month timeframe, the crawler faced challenges in verifying HTTPS support, varying based on SSL certificate existence and validity. Successful ruleset creation and testing in Firefox and Chrome, adhering to stylistic standards, demonstrated the potential for effective development. The paper explores improving productivity through alternative libraries like Scrapy and Scrapy Cloud. While certain goals, such as in-depth cryptocurrency analysis and web crawler background reading, were unmet due to time constraints, valuable insights were gained. The conclusion underscores the difficulties, successes, and promises of automating ruleset generation through web crawlers for “HTTPS Everywhere,” offering valuable recommendations for advancing web security.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.5,"publicationDate":"2024-07-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141831467","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Mobile health apps are a digital era revolution, facilitating direct patient-physician communication, lab and test orders, and medication refills. Despite these benefits, security and privacy issues arise due to handling sensitive data. This paper assesses the security and privacy of Saudi Arabian mobile healthcare apps, gauging compliance with the Personal Data Protection Law (PDPL). Results highlight varied PDPL compliance, underscoring the imperative for enhanced security measures in the digital healthcare landscape.
{"title":"Nudging Data Privacy of Mobile Health Applications in Saudi Arabia","authors":"Abdulhakim Sabur, Ahmad J. Showail","doi":"10.4018/ijisp.345647","DOIUrl":"https://doi.org/10.4018/ijisp.345647","url":null,"abstract":"Mobile health apps are a digital era revolution, facilitating direct patient-physician communication, lab and test orders, and medication refills. Despite these benefits, security and privacy issues arise due to handling sensitive data. This paper assesses the security and privacy of Saudi Arabian mobile healthcare apps, gauging compliance with the Personal Data Protection Law (PDPL). Results highlight varied PDPL compliance, underscoring the imperative for enhanced security measures in the digital healthcare landscape.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.8,"publicationDate":"2024-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141373730","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
At present, network attack means emerge in endlessly. The detection technology of network attack must be constantly updated and developed. Based on this, the two stages of network attack detection (feature selection and traffic classification) are discussed. The improved bat algorithm (O-BA) and the improved random forest algorithm (O-RF) are proposed for optimization. Moreover, the NIS system is designed based on the Agent concept. Finally, the simulation experiment is carried out on the real data platform. The results showed that the detection precision, accuracy, recall, and F1 score of O-BA are significantly higher than those of references [17], [18], [19], and [20], while the false positive rate is the opposite (P < 0.05). The detection precision, accuracy, recall, and F1 score of O-RF algorithm are significantly higher than those of Apriori, ID3, SVM, NSA, and O-RF algorithm, while the false positive rate is significantly lower than that of Apriori, ID3, SVM, NSA, and O-RF algorithm (P < 0.05).
{"title":"Network Information Security Monitoring Under Artificial Intelligence Environment","authors":"Longfei Fu, Yibin Liu, Yanjun Zhang, Ming Li","doi":"10.4018/ijisp.345038","DOIUrl":"https://doi.org/10.4018/ijisp.345038","url":null,"abstract":"At present, network attack means emerge in endlessly. The detection technology of network attack must be constantly updated and developed. Based on this, the two stages of network attack detection (feature selection and traffic classification) are discussed. The improved bat algorithm (O-BA) and the improved random forest algorithm (O-RF) are proposed for optimization. Moreover, the NIS system is designed based on the Agent concept. Finally, the simulation experiment is carried out on the real data platform. The results showed that the detection precision, accuracy, recall, and F1 score of O-BA are significantly higher than those of references [17], [18], [19], and [20], while the false positive rate is the opposite (P < 0.05). The detection precision, accuracy, recall, and F1 score of O-RF algorithm are significantly higher than those of Apriori, ID3, SVM, NSA, and O-RF algorithm, while the false positive rate is significantly lower than that of Apriori, ID3, SVM, NSA, and O-RF algorithm (P < 0.05).","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.8,"publicationDate":"2024-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141381252","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The existing Industrial Internet of Things (IIoT) temporal data analysis methods often suffer from issues such as information loss, difficulty balancing spatial and temporal features, and being affected by training data noise, which can lead to varying degrees of reduced model accuracy. Therefore, a new anomaly detection method was proposed, which integrated Transformer and adversarial training. Firstly, a bidirectional spatiotemporal feature extraction module was constructed by combining Graph Attention Networks (GAT) and Bidirectional Gated Recurrent Unit (BiGRU), which can simultaneously extract spatial and temporal features. Then, by combining multi-scale convolution with Long Short-Term Memory (LSTM), multi-scale contextual information was captured. Finally, an improved Transformer was used to fuse multi-dimensional features, combined with an adversarial-trained variational autoencoder to calculate the anomalies of the input data. This method outperforms other comparison models by conducting experiments on four publicly available datasets.
{"title":"An IIoT Temporal Data Anomaly Detection Method Combining Transformer and Adversarial Training","authors":"Yuan Tian, Wendong Wang, Jingyuan He","doi":"10.4018/ijisp.343306","DOIUrl":"https://doi.org/10.4018/ijisp.343306","url":null,"abstract":"The existing Industrial Internet of Things (IIoT) temporal data analysis methods often suffer from issues such as information loss, difficulty balancing spatial and temporal features, and being affected by training data noise, which can lead to varying degrees of reduced model accuracy. Therefore, a new anomaly detection method was proposed, which integrated Transformer and adversarial training. Firstly, a bidirectional spatiotemporal feature extraction module was constructed by combining Graph Attention Networks (GAT) and Bidirectional Gated Recurrent Unit (BiGRU), which can simultaneously extract spatial and temporal features. Then, by combining multi-scale convolution with Long Short-Term Memory (LSTM), multi-scale contextual information was captured. Finally, an improved Transformer was used to fuse multi-dimensional features, combined with an adversarial-trained variational autoencoder to calculate the anomalies of the input data. This method outperforms other comparison models by conducting experiments on four publicly available datasets.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.8,"publicationDate":"2024-05-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141004216","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Vulnerability can lead to data loss, privacy leakage and financial loss. Accurate detection and identification of vulnerabilities is essential to prevent information leakage and APT attacks. This paper explores the possibility of digging the valuable information in vulnerability reports deeply. We propose a new model, VCGERG, which products a graph using key information from vulnerability reports and embeds the graph into the vector space using a keywords-LINE graph embedding algorithm based on the attention of neighboring nodes. VCGERG model uses the OVR random forest algorithm to classify vulnerabilities. Our model can get the complicated local and global information of the graph in large-scale dataset and achieve better results. In order to verify the effectiveness of our model, it is evaluated on many experiments. Compared with other models, our method has a higher accuracy rate of 0.975.
{"title":"VCGERG","authors":"Yashu Liu, Xiaoyi Zhao, Xiaohua Qiu, Han-Bing Yan","doi":"10.4018/ijisp.342596","DOIUrl":"https://doi.org/10.4018/ijisp.342596","url":null,"abstract":"Vulnerability can lead to data loss, privacy leakage and financial loss. Accurate detection and identification of vulnerabilities is essential to prevent information leakage and APT attacks. This paper explores the possibility of digging the valuable information in vulnerability reports deeply. We propose a new model, VCGERG, which products a graph using key information from vulnerability reports and embeds the graph into the vector space using a keywords-LINE graph embedding algorithm based on the attention of neighboring nodes. VCGERG model uses the OVR random forest algorithm to classify vulnerabilities. Our model can get the complicated local and global information of the graph in large-scale dataset and achieve better results. In order to verify the effectiveness of our model, it is evaluated on many experiments. Compared with other models, our method has a higher accuracy rate of 0.975.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.8,"publicationDate":"2024-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141021061","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Almost every living species has a motive to communicate electronically with one another and preserve data for immediate or future use. These data are becoming too large to be maintained on personal storage devices. Technological innovation has cleared the path for vast, remote storage known as the cloud. This innovation is being provided as a service to people and organizations due to the high cost of investment and the high-tech skills needed for its maintenance. Despite the many benefits of cloud computing, data privacy, integrity, and access control are issues that require immediate attention. Many studies have been conducted in order to find solutions to these challenges. In this review, the authors look at the numerous methods that have been proposed to address these security challenges. The research revealed that elliptic curve cryptography and the advance encryption system (AES) were the techniques that were most frequently used to address security issues in the digital world.
{"title":"RSA and Elliptic Curve Encryption System","authors":"Musa Ugbedeojo, M. Adebiyi, O. Aroba, A. Adebiyi","doi":"10.4018/ijisp.340728","DOIUrl":"https://doi.org/10.4018/ijisp.340728","url":null,"abstract":"Almost every living species has a motive to communicate electronically with one another and preserve data for immediate or future use. These data are becoming too large to be maintained on personal storage devices. Technological innovation has cleared the path for vast, remote storage known as the cloud. This innovation is being provided as a service to people and organizations due to the high cost of investment and the high-tech skills needed for its maintenance. Despite the many benefits of cloud computing, data privacy, integrity, and access control are issues that require immediate attention. Many studies have been conducted in order to find solutions to these challenges. In this review, the authors look at the numerous methods that have been proposed to address these security challenges. The research revealed that elliptic curve cryptography and the advance encryption system (AES) were the techniques that were most frequently used to address security issues in the digital world.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.8,"publicationDate":"2024-03-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140225276","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}