首页 > 最新文献

International Journal of Information Security and Privacy最新文献

英文 中文
Information Security Situation in Blockchain for Secure SDN Based on Big Data in Smart Communities 基于大数据的智慧社区安全SDN区块链信息安全现状
IF 0.8 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING Pub Date : 2022-04-01 DOI: 10.4018/ijisp.308315
Feilu Hang, Linjiang Xie, Zhenhong Zhang, W. Guo, Hanruo Li
In the internet of things (IoT) and big data, the global information society is entering a new phase where consumers, networks, and perception devices work together more intimately. Software-defined networks (SDN) offer lower latency and massive connectivity for intelligent devices (IoT) for the internet of things. Smart communities are one of the most important applications of the blockchain. SDN technology is used to provide residents with smart services. Situational awareness for information security offers a distinct, high-level security perspective based on security alarm occurrences. However, contemporary information security warning data has become too complicated and varied than a simple analysis is almost impossible. In addition to enhancing IoT security's monitoring, emergency response, and forecasting capabilities, this article presents an IoT-assisted information security situation awareness framework (IoT-ISSAF). SDN model has been validated through simulation as being able to accurately assess the current state of network security in blockchain.
在物联网(IoT)和大数据领域,全球信息社会正进入一个新阶段,消费者、网络和感知设备将更加紧密地合作。软件定义网络(SDN)为物联网的智能设备(IoT)提供了更低的延迟和大规模连接。智能社区是区块链最重要的应用之一。SDN技术用于为居民提供智能服务。信息安全的态势感知提供了一个基于安全警报事件的独特的高级安全视角。然而,当代信息安全预警数据已经变得过于复杂和多样化,而简单的分析几乎是不可能的。除了增强物联网安全的监测、应急响应和预测能力外,本文还提出了一个物联网辅助信息安全态势感知框架(IoT ISSAF)。SDN模型已通过仿真验证,能够准确评估区块链中的网络安全现状。
{"title":"Information Security Situation in Blockchain for Secure SDN Based on Big Data in Smart Communities","authors":"Feilu Hang, Linjiang Xie, Zhenhong Zhang, W. Guo, Hanruo Li","doi":"10.4018/ijisp.308315","DOIUrl":"https://doi.org/10.4018/ijisp.308315","url":null,"abstract":"In the internet of things (IoT) and big data, the global information society is entering a new phase where consumers, networks, and perception devices work together more intimately. Software-defined networks (SDN) offer lower latency and massive connectivity for intelligent devices (IoT) for the internet of things. Smart communities are one of the most important applications of the blockchain. SDN technology is used to provide residents with smart services. Situational awareness for information security offers a distinct, high-level security perspective based on security alarm occurrences. However, contemporary information security warning data has become too complicated and varied than a simple analysis is almost impossible. In addition to enhancing IoT security's monitoring, emergency response, and forecasting capabilities, this article presents an IoT-assisted information security situation awareness framework (IoT-ISSAF). SDN model has been validated through simulation as being able to accurately assess the current state of network security in blockchain.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":" ","pages":""},"PeriodicalIF":0.8,"publicationDate":"2022-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48469475","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Network Anomalies Detection Approach Based on Weighted Voting 基于加权投票的网络异常检测方法
IF 0.8 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING Pub Date : 2022-01-01 DOI: 10.4018/ijisp.2022010105
S. Sakulin, Alexander Alfimtsev, K. Kvitchenko, Leonid Dobkacz, Yuri Kalgin, Igor I. Lychkov
To avoid information systems malfunction, their integrity disruption, availability violation as well as data confidentiality, it is necessary to detect anomalies in information system operation as quickly as possible. The anomalies are usually caused by malicious activity – information systems attacks. However, the current approaches to detect anomalies in information systems functioning have never been perfect. In particular, statistical and signature-based techniques do not allow detection of anomalies based on modifications of well-known attacks, dynamic approaches based on machine learning techniques result in false responses and frequent anomaly miss-outs. Therefore, various hybrid solutions are being frequently offered on the basis of those two approaches. The paper suggests a hybrid approach to detect anomalies by combining computationally efficient classifiers of machine learning with accuracy increase due to weighted voting. Pilot evaluation of the developed approach proved its feasibility for anomaly detection systems.
为了避免信息系统的故障、完整性破坏、可用性侵犯和数据保密性,需要尽快发现信息系统运行中的异常。异常通常是由恶意活动——信息系统攻击——引起的。然而,目前检测信息系统功能异常的方法从来都不是完美的。特别是,基于统计和签名的技术不允许基于已知攻击的修改来检测异常,基于机器学习技术的动态方法导致错误的响应和频繁的异常遗漏。因此,在这两种方法的基础上,经常提供各种混合解决方案。本文提出了一种混合方法,通过将计算效率高的机器学习分类器与加权投票的准确性提高相结合来检测异常。对该方法的中试评价证明了其在异常检测系统中的可行性。
{"title":"Network Anomalies Detection Approach Based on Weighted Voting","authors":"S. Sakulin, Alexander Alfimtsev, K. Kvitchenko, Leonid Dobkacz, Yuri Kalgin, Igor I. Lychkov","doi":"10.4018/ijisp.2022010105","DOIUrl":"https://doi.org/10.4018/ijisp.2022010105","url":null,"abstract":"To avoid information systems malfunction, their integrity disruption, availability violation as well as data confidentiality, it is necessary to detect anomalies in information system operation as quickly as possible. The anomalies are usually caused by malicious activity – information systems attacks. However, the current approaches to detect anomalies in information systems functioning have never been perfect. In particular, statistical and signature-based techniques do not allow detection of anomalies based on modifications of well-known attacks, dynamic approaches based on machine learning techniques result in false responses and frequent anomaly miss-outs. Therefore, various hybrid solutions are being frequently offered on the basis of those two approaches. The paper suggests a hybrid approach to detect anomalies by combining computationally efficient classifiers of machine learning with accuracy increase due to weighted voting. Pilot evaluation of the developed approach proved its feasibility for anomaly detection systems.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"16 1","pages":"1-17"},"PeriodicalIF":0.8,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70458921","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Information Security and Privacy: 27th Australasian Conference, ACISP 2022, Wollongong, NSW, Australia, November 28–30, 2022, Proceedings 信息安全和隐私:第27届澳大利亚会议,ACISP 2022,卧龙岗,新南威尔士州,澳大利亚,2022年11月28日至30日,会议录
IF 0.8 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING Pub Date : 2022-01-01 DOI: 10.1007/978-3-031-22301-3
{"title":"Information Security and Privacy: 27th Australasian Conference, ACISP 2022, Wollongong, NSW, Australia, November 28–30, 2022, Proceedings","authors":"","doi":"10.1007/978-3-031-22301-3","DOIUrl":"https://doi.org/10.1007/978-3-031-22301-3","url":null,"abstract":"","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"50 1","pages":""},"PeriodicalIF":0.8,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82161869","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Improved Feature-Level Fusion-Based Biometric System for Genuine and Imposter Identification 改进的基于特征级融合的真伪识别生物识别系统
IF 0.8 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING Pub Date : 2022-01-01 DOI: 10.4018/ijisp.307068
R. BharathM., K. A. R. Rao
{"title":"Improved Feature-Level Fusion-Based Biometric System for Genuine and Imposter Identification","authors":"R. BharathM., K. A. R. Rao","doi":"10.4018/ijisp.307068","DOIUrl":"https://doi.org/10.4018/ijisp.307068","url":null,"abstract":"","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"16 1","pages":"1-44"},"PeriodicalIF":0.8,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70459423","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Privacy Disclosure in the Real World: An Experimental Study 现实世界中的隐私披露:一项实验研究
IF 0.8 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING Pub Date : 2022-01-01 DOI: 10.4018/ijisp.2022010101
Siyu Wang, Nafei Zhu, Jingsha He, Da Teng, Yue Yang
Privacy protection is a hot topic in network security, many scholars are committed to evaluating privacy information disclosure by quantifying privacy, thereby protecting privacy and preventing telecommunications fraud. However, in the process of quantitative privacy, few people consider the reasoning relationship between privacy information, which leads to the underestimation of privacy disclosure and privacy disclosure caused by malicious reasoning. This paper completes an experiment on privacy information disclosure in the real world based on WordNet ontology .According to a privacy measurement algorithm, this experiment calculates the privacy disclosure of public figures in different fields, and conducts horizontal and vertical analysis to obtain different privacy disclosure characteristics. The experiment not only shows the situation of privacy disclosure, but also gives suggestions and method to reduce privacy disclosure.
隐私保护是网络安全领域的热点问题,许多学者致力于通过对隐私进行量化来评估隐私信息披露,从而保护隐私,防范电信诈骗。然而,在量化隐私的过程中,很少有人考虑隐私信息之间的推理关系,从而导致对隐私披露的低估和恶意推理导致的隐私披露。本文基于WordNet本体完成了现实世界中隐私信息披露的实验,根据一种隐私测量算法,对不同领域公众人物的隐私披露进行了计算,并进行了横向和纵向分析,得到了不同的隐私披露特征。实验不仅展示了隐私泄露的现状,还提出了减少隐私泄露的建议和方法。
{"title":"Privacy Disclosure in the Real World: An Experimental Study","authors":"Siyu Wang, Nafei Zhu, Jingsha He, Da Teng, Yue Yang","doi":"10.4018/ijisp.2022010101","DOIUrl":"https://doi.org/10.4018/ijisp.2022010101","url":null,"abstract":"Privacy protection is a hot topic in network security, many scholars are committed to evaluating privacy information disclosure by quantifying privacy, thereby protecting privacy and preventing telecommunications fraud. However, in the process of quantitative privacy, few people consider the reasoning relationship between privacy information, which leads to the underestimation of privacy disclosure and privacy disclosure caused by malicious reasoning. This paper completes an experiment on privacy information disclosure in the real world based on WordNet ontology .According to a privacy measurement algorithm, this experiment calculates the privacy disclosure of public figures in different fields, and conducts horizontal and vertical analysis to obtain different privacy disclosure characteristics. The experiment not only shows the situation of privacy disclosure, but also gives suggestions and method to reduce privacy disclosure.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"16 1","pages":"1-22"},"PeriodicalIF":0.8,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70458968","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
An Ensemble approach for feature selection and classification in intrusion detection using Extra-Tree algorithm 基于Extra-Tree算法的入侵检测特征选择与分类集成方法
IF 0.8 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING Pub Date : 2022-01-01 DOI: 10.4018/ijisp.2022010113
The number of attacks increased with speedy development in web communication in the last couple of years. The Anomaly Detection method for IDS has become substantial in detecting novel attacks in Intrusion Detection System (IDS). Achieving high accuracy are the significant challenges in designing an intrusion detection system. It also emphasizes applying different feature selection techniques to identify the most suitable feature subset. The author uses Extremely randomized trees (Extra-Tree) for feature importance. The author tries multiple thresholds on the feature importance parameters to find the best features. If single classifiers use, then the classifier's output is wrong, so that the final decision may be wrong. So The author uses an Extra-Tree classifier applied to the best-selected features. The proposed method is estimated on standard datasets KDD CUP'99, NSL-KDD, and UNSW-NB15. The experimental results show that the proposed approach performs better than existing methods in detection rate, false alarm rate, and accuracy.
近年来,随着网络通信的飞速发展,网络攻击的数量不断增加。入侵检测系统的异常检测方法已成为入侵检测系统中检测新型攻击的重要手段。在入侵检测系统设计中,实现高精度是一个重要的挑战。它还强调应用不同的特征选择技术来识别最合适的特征子集。作者使用极端随机树(Extra-Tree)来表示特征的重要性。作者在特征重要性参数上尝试了多个阈值来寻找最佳特征。如果单个分类器使用,那么分类器的输出是错误的,从而最终的决策可能是错误的。因此,作者使用Extra-Tree分类器应用于最佳选择的特征。在标准数据集KDD CUP'99、NSL-KDD和UNSW-NB15上对该方法进行了估计。实验结果表明,该方法在检测率、虚警率和准确率方面均优于现有方法。
{"title":"An Ensemble approach for feature selection and classification in intrusion detection using Extra-Tree algorithm","authors":"","doi":"10.4018/ijisp.2022010113","DOIUrl":"https://doi.org/10.4018/ijisp.2022010113","url":null,"abstract":"The number of attacks increased with speedy development in web communication in the last couple of years. The Anomaly Detection method for IDS has become substantial in detecting novel attacks in Intrusion Detection System (IDS). Achieving high accuracy are the significant challenges in designing an intrusion detection system. It also emphasizes applying different feature selection techniques to identify the most suitable feature subset. The author uses Extremely randomized trees (Extra-Tree) for feature importance. The author tries multiple thresholds on the feature importance parameters to find the best features. If single classifiers use, then the classifier's output is wrong, so that the final decision may be wrong. So The author uses an Extra-Tree classifier applied to the best-selected features. The proposed method is estimated on standard datasets KDD CUP'99, NSL-KDD, and UNSW-NB15. The experimental results show that the proposed approach performs better than existing methods in detection rate, false alarm rate, and accuracy.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":" ","pages":""},"PeriodicalIF":0.8,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45963517","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Secure and Flexible Key Protected Identity Framework for Mobile Devices 安全灵活的移动设备密钥保护身份框架
IF 0.8 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING Pub Date : 2022-01-01 DOI: 10.4018/ijisp.2022010117
Kapil Kant Kamal, M. Kapoor, Padmaja Joshi
Mobile or IOT based applications are emerging rapidly across the globe and there is a massive digital transformation happening within each country. It is a need of an hour to improve and protect digital identity during online transactions through handheld devices. This paper proposes a Mobile ID solution based on Mobile-originated PKI without the need for the actual identity card or a card reader. The solution proposed focuses on security, privacy, and usability using open standards which will protect Personally Identifiable Information (PII) over handheld devices. The proposed mobile ID solution has better cost-efficacy and privacy than today’s scenario. It also explicates the Mobile ID solution with established secure identity among users, authorities, other organizations of public, and private sectors.
基于移动或物联网的应用正在全球范围内迅速兴起,每个国家都在进行大规模的数字化转型。在通过手持设备进行网上交易时,改善和保护数字身份需要一个小时。本文提出了一种基于移动端PKI的移动身份识别解决方案,无需实际的身份证或读卡器。提出的解决方案侧重于使用开放标准保护手持设备上的个人身份信息(PII)的安全性、隐私性和可用性。与目前的方案相比,提出的移动身份证解决方案具有更好的成本效益和隐私性。它还说明了在用户、当局、公共和私营部门的其他组织之间建立安全身份的移动ID解决方案。
{"title":"Secure and Flexible Key Protected Identity Framework for Mobile Devices","authors":"Kapil Kant Kamal, M. Kapoor, Padmaja Joshi","doi":"10.4018/ijisp.2022010117","DOIUrl":"https://doi.org/10.4018/ijisp.2022010117","url":null,"abstract":"Mobile or IOT based applications are emerging rapidly across the globe and there is a massive digital transformation happening within each country. It is a need of an hour to improve and protect digital identity during online transactions through handheld devices. This paper proposes a Mobile ID solution based on Mobile-originated PKI without the need for the actual identity card or a card reader. The solution proposed focuses on security, privacy, and usability using open standards which will protect Personally Identifiable Information (PII) over handheld devices. The proposed mobile ID solution has better cost-efficacy and privacy than today’s scenario. It also explicates the Mobile ID solution with established secure identity among users, authorities, other organizations of public, and private sectors.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"16 1","pages":"1-17"},"PeriodicalIF":0.8,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70459564","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
An Effective Intrusion Detection System Using Homogeneous Ensemble Techniques 基于同构集成技术的有效入侵检测系统
IF 0.8 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING Pub Date : 2022-01-01 DOI: 10.4018/ijisp.2022010112
F. Masoodi, Iram Abrar, A. Bamhdi
In this work, homogeneous ensemble techniques, namely bagging and boosting were employed for intrusion detection to determine the intrusive activities in network by monitoring the network traffic. Simultaneously, model diversity was enhanced as numerous algorithms were taken into account, thereby leading to an increase in the detection rate Several classifiers, i.e., SVM, KNN, RF, ETC and MLP) were used in case of bagging approach. Likewise, tree-based classifiers have been employed for boosting. The proposed model was tested on NSL-KDD dataset that was initially subjected to preprocessing. Accordingly, ten most significant features were identified using decision tree and recursive feature elimination method. Furthermore, the dataset was divided into five subsets, each one them being subjected to training, and the final results were obtained based on majority voting. Experimental results proved that the model was effective for detecting intrusive activities. Bagged ETC and boosted RF outperformed all the other classifiers with an accuracy of 99.123% and 99.309%, respectively.
在本研究中,入侵检测采用同构集成技术,即bagging和boosting,通过监测网络流量来确定网络中的入侵活动。同时,由于考虑了多种算法,增强了模型的多样性,从而提高了检测率。在bagging方法中,使用了SVM、KNN、RF、ETC和MLP等几种分类器。同样,基于树的分类器也被用于提升。在初步预处理的NSL-KDD数据集上对该模型进行了测试。利用决策树和递归特征消去法,识别出10个最显著的特征。进一步,将数据集分成5个子集,每个子集都进行训练,并基于多数投票获得最终结果。实验结果表明,该模型对入侵活动检测是有效的。Bagged ETC和boosting RF分别以99.123%和99.309%的准确率优于所有其他分类器。
{"title":"An Effective Intrusion Detection System Using Homogeneous Ensemble Techniques","authors":"F. Masoodi, Iram Abrar, A. Bamhdi","doi":"10.4018/ijisp.2022010112","DOIUrl":"https://doi.org/10.4018/ijisp.2022010112","url":null,"abstract":"In this work, homogeneous ensemble techniques, namely bagging and boosting were employed for intrusion detection to determine the intrusive activities in network by monitoring the network traffic. Simultaneously, model diversity was enhanced as numerous algorithms were taken into account, thereby leading to an increase in the detection rate Several classifiers, i.e., SVM, KNN, RF, ETC and MLP) were used in case of bagging approach. Likewise, tree-based classifiers have been employed for boosting. The proposed model was tested on NSL-KDD dataset that was initially subjected to preprocessing. Accordingly, ten most significant features were identified using decision tree and recursive feature elimination method. Furthermore, the dataset was divided into five subsets, each one them being subjected to training, and the final results were obtained based on majority voting. Experimental results proved that the model was effective for detecting intrusive activities. Bagged ETC and boosted RF outperformed all the other classifiers with an accuracy of 99.123% and 99.309%, respectively.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"16 1","pages":"1-18"},"PeriodicalIF":0.8,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70458988","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Predicting Security-Vulnerable Developers Based on Their Techno-Behavioral Characteristics 基于技术行为特征的安全漏洞开发者预测
IF 0.8 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING Pub Date : 2022-01-01 DOI: 10.4018/ijisp.2022010103
M. D. J. S. Goonetillake, Rangana Jayashanka, S. V. Rathnayaka
Assigning developers for highly secured software projects requires identifying developers’ tendency to contribute towards vulnerable software codes called developer-centric security vulnerability to mitigate issues on human resource management, financial and project timelines. There are problems in assessing the previous codebases in evaluating the developer-centric security vulnerability level of each developer. Thus, this paper suggests a method to evaluate this through the techno-behavioral features of their previous projects. Consequently, we present results of an exploratory study of the developer-centric security vulnerability level prediction using a dataset of 1827 developers by logically selecting 13 techno-behavioral features. Our results depict that there is a correlation between techno-behavioral features and developer-centric security vulnerability with 89.46% accuracy. This model enables to predict developer-centric security vulnerability level of any developer if the required techno-behavioral features are available avoiding the analysis of his/her previous codebases.
为高度安全的软件项目分配开发人员需要确定开发人员倾向于为易受攻击的软件代码(称为以开发人员为中心的安全漏洞)做出贡献,以减轻人力资源管理、财务和项目时间表上的问题。在评估每个开发人员的以开发人员为中心的安全漏洞级别时,评估以前的代码库存在问题。因此,本文提出了一种通过他们以前项目的技术行为特征来评估这一点的方法。因此,我们使用1827个开发人员的数据集,通过逻辑选择13个技术行为特征,提出了以开发人员为中心的安全漏洞级别预测的探索性研究结果。我们的研究结果表明,技术行为特征与以开发人员为中心的安全漏洞之间存在着89.46%的相关性。如果所需的技术行为特性可用,该模型可以预测任何开发人员的以开发人员为中心的安全漏洞级别,从而避免分析他/她以前的代码库。
{"title":"Predicting Security-Vulnerable Developers Based on Their Techno-Behavioral Characteristics","authors":"M. D. J. S. Goonetillake, Rangana Jayashanka, S. V. Rathnayaka","doi":"10.4018/ijisp.2022010103","DOIUrl":"https://doi.org/10.4018/ijisp.2022010103","url":null,"abstract":"Assigning developers for highly secured software projects requires identifying developers’ tendency to contribute towards vulnerable software codes called developer-centric security vulnerability to mitigate issues on human resource management, financial and project timelines. There are problems in assessing the previous codebases in evaluating the developer-centric security vulnerability level of each developer. Thus, this paper suggests a method to evaluate this through the techno-behavioral features of their previous projects. Consequently, we present results of an exploratory study of the developer-centric security vulnerability level prediction using a dataset of 1827 developers by logically selecting 13 techno-behavioral features. Our results depict that there is a correlation between techno-behavioral features and developer-centric security vulnerability with 89.46% accuracy. This model enables to predict developer-centric security vulnerability level of any developer if the required techno-behavioral features are available avoiding the analysis of his/her previous codebases.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"16 1","pages":"1-26"},"PeriodicalIF":0.8,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70458745","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Novel Chaotic Shark Smell Optimization With LSTM for Spatio-Temporal Analytics in Clustered WSN 基于LSTM的混沌鲨鱼气味优化方法在聚类WSN时空分析中的应用
IF 0.8 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING Pub Date : 2022-01-01 DOI: 10.4018/ijisp.308310
M. KusumaS., N. VeenaK., B. Varun
{"title":"A Novel Chaotic Shark Smell Optimization With LSTM for Spatio-Temporal Analytics in Clustered WSN","authors":"M. KusumaS., N. VeenaK., B. Varun","doi":"10.4018/ijisp.308310","DOIUrl":"https://doi.org/10.4018/ijisp.308310","url":null,"abstract":"","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"16 1","pages":"1-16"},"PeriodicalIF":0.8,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70459533","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
期刊
International Journal of Information Security and Privacy
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1