Establishing evolutionary game models for CYBer security information EXchange (CYBEX)
Journal of Computer and System Sciences, Volume 98, December 2018, Pages 27-52
Deepak Tosh, Shamik Sengupta, Charles A. Kamhoua, Kevin A. Kwiat
Abstract: The initiative to protect critical resources against cyber attacks requires security investments complemented with a collaborative sharing effort from every organization. A CYBersecurity information EXchange (CYBEX) framework is required to facilitate cyber-threat intelligence (CTI) sharing among the organizations to abate the impact of cyber attacks. In this research, we present an evolutionary game theoretic framework to investigate the economic benefits of cybersecurity information sharing and analyze the impacts and consequences of not participating in the game. By using micro-economic theory as substrate, we model this framework as a human-society inspired evolutionary game among the organizations and investigate the implications of information sharing. Using our proposed dynamic cost adaptation scheme and distributed learning heuristic, organizations are induced toward adopting the evolutionary stable strategy of participating in the sharing framework. We also extend the evolutionary analysis to understand the sharing nature of participants in a heterogeneous information exchange environment.
Research and application of virtual user context information security strategy based on group intelligent computing
Cognitive Systems Research, Volume 52, December 2018, Pages 629-639
Xian Tan, Fasheng Yu
Abstract: This article first introduced the current technology of the privacy protection model, and analyzed their characteristics and deficiencies. Afterwards, from the point of view of revenue, the shortcomings of the traditional privacy protection model are analyzed through the group intelligent computing method. Based on this, this paper proposes a research and application of virtual user information security strategy based on group intelligent computing, through the collection of historical access data on visitors' private information and intelligent calculation of the strategy group between the visitor and the interviewee. The setting of the threshold of the visited person can protect the privacy information of the user more effectively. In this paper, the implementation flow, algorithm implementation process, and specific architecture design of the proposed virtual user privacy protection model based on group intelligent computing are introduced respectively. The specific algorithms include PCA, BP neural network, and genetic algorithm. Finally, the proposed privacy protection model has been verified through experiments. The model can protect user privacy more effectively than the traditional privacy protection model. In the future, we will further expand and improve the privacy protection model of virtual users based on group intelligent computing, including considering the dynamic and inconsistency of access to the privacy information, that is, accessing different private information will produce different overlay effects and parallelism. We will also study how to apply this model to actual systems such as shopping websites and social platforms, and use commercial data to evaluate the performance of the model and further improve it.
A cryptographic model for better information security
Journal of Information Security and Applications, Volume 43, December 2018, Pages 123-138
Sunil Kumar, Manish Kumar, Rajat Budhiraja, M. K. Das, Sanjeev Singh
Abstract: In this study, a novel cryptographic model that uses a coupled map lattice is proposed for securing images. It incorporates mixing based on a randomly generated secret key, sub-keys based substitution, a confusion algorithm and a coupled map lattice based diffusion process to enrich the security, sensitivity and robustness of the model. The control parameters of the coupled map lattice and the initial condition of the chaotic systems are deduced using an externally generated random secret key of 280-bit length. To make the encryption process more dependent on confusion and more sensitive to the encryption key, pixels of a channel are XOR-ed with pixels of another channel with an intelligent mix of sub-keys. Finally, the diffusion model based on the coupled map lattice binds the pixels in a way such that a single-bit change is reflected into a large number of pixels in the cipher image. Resistance to various kinds of attacks like plain text, brute force and statistical attacks is the important feature observed in the proposed cryptographic model. Several studies related to correlation coefficients, histogram, anti-noise attacks, plain text analysis, NPCR, key sensitivity, UACI and key space analysis were carried out and the corresponding results are given in detail. The simulation results yield an average NPCR score of about 99.63% and a UACI value of 33.46%. The analyses performed and mentioned here suggest that the proposed model is a potential candidate for image encryption applications.
Sanction severity and employees’ information security policy compliance: Investigating mediating, moderating, and control variables
Information & Management, Volume 55, Issue 8, December 2018, Pages 1049-1060
Xiaofeng Chen, Dazhong Wu, Liqiang Chen, Joe K. L. Teng
Abstract: Information security policy (ISP) plays a critical role in information systems security management. Past research using General Deterrence Theory (GDT) on employees’ compliance intention (CI) with ISP produced mixed results. We use survey data to investigate how other factors influence the relationship between sanction severity and employees’ CI. The results show that none of the investigated moderating variables interacts with sanction severity on employees’ ISP compliance intentions. However, the significant impact of sanction severity on employees’ ISP CI disappears when the investigated variables are included, and the impact of sanction severity is mediated by perceived efficacy and descriptive norm.
An exploration of research information security data affecting organizational compliance
Data in Brief, Volume 21, December 2018, Pages 1864-1871
Sweden S. De Matas, Brendan P. Keegan
Abstract: In this article, data collected from onsite assessments of federal healthcare research programs were reviewed and analyzed. 103 research programs were evaluated for adherence to federal and organizational information security requirements and the data clustered into three primary compliance groupings: technological, procedural, and behavioral. Frequency and cross-tabulation statistics were conducted and chi-square statistics used to test for associations.