Security Classification Research Articles

Classification and Mapping of Adaptive Security for Mobile Computing

Context: Mobile computing has emerged as a disruptive technology that has empowered its users with portable, connected and context-aware computation. However, issues such as resource poverty, energy efficiency and specifically data security and privacy represents the critical challenges for mobile computing. Objective: The objective of this work is to systematically identify, taxonomically classify and map the state-of-research on adaptive security (a.k.a. self-protection) for mobile computing. Methodology: We followed evidence based software engineering method to conduct a systematic mapping study of 43 qualitatively selected studies-published from 2003 to 2017-on adaptive security for mobile computing. Results and Conclusions: Classification and mapping of the research highlights three prominent themes that support adaptive security for (i) Mobile Device Data and Resources, (ii) Mobile to Mobile Communication, and (iii) Mobile to Server Communication. Mapping analysis suggests that security of mobile device data and resources is the most researched theme. The mapping study highlights that active and futuristic research trends are primarily focused on security as a service, whereas; the frequent research challenges relate to self-protecting mobile devices, user-driven privacy decisions and context-aware security. The results of the mapping study facilitate knowledge transfer that can benefit researchers and practitioners to understand the role of adaptive and context-aware security in mobile computing environments.

The legal issues of the substantiation of new types of national
 security

The subject of the article is the typology of national security, and controversial issues of the
 selection.
 The purpose of the article is to identify causes of a large number of security’s forms both in
 theory and in practice, also to analyze acts in this sphere.
 The methodology of the article includes analysis, synthesis, formal-legal and comparativelegal methods.
 The main results of the research. The author focuses on the problem of types of national
 security. The author investigates the national security and methodological, theoretical and
 legal aspects of the classification of national security’s forms. The reason for the diversity
 of types of national security should also be recognized as the lack of a clear classification of
 them. Author investigates the mechanism for detaching forms of national security in acts
 of the Russian Federation in the field of security and suggests that new forms of nation
 security (moral security and culture security) should appear in base document of strategic
 planning of the national security. Moral security includes cultural, ideological, informational, psychological, scientific, educational, and religious security. Cultural security in its
 most general form is the stable existence of culture, the protection of this sphere from internal and external threats, for example, such as the emasculation of spiritual and moral
 values and globalization.
 Conclusions. The identification of new types of national security is an objective process due
 to the very versatility of such a phenomenon as national security. At the same time, it
 should be recognized that the sphere of spirit and morality in the context of spiritual security does not belong to the legal science, but rather to the field of philosophy and religion.
 In this regard, their inclusion, even as an adjective, in the text of the strategic planning document raises doubts, so the use of the phrase "moral security" in legal acts in the near future, in our opinion, can hardly be expected.

A New Maritime Security Architecture for the 21st Century Maritime Silk Road: The South China Sea and the Persian Gulf

China and Iran have the ancient gate of Maritime Silk Road, as well as two new superhighways within this road, namely Strait of Hormuz and Malacca Strait. Unlike the Strait of Hormuz, maritime security in the Malacca Strait needs to be redesigned and re-established by littoral states for the safe corridor. The aim of this study is to find out the new concept and classification of maritime security, namely direct and indirect insecurity elements. This study illustrates that the most remarkable direct and indirect elements are respectively piracy, armed robbery, and external state presence. It is acknowledged that the continuous and dangerous presence of an external state is the indirect insecurity element. In the light of the USA's violation and destabilizing activities in the Persian Gulf and the South China Sea, its presence and passage are considered as noninnocent activities, as these are prejudicial to the good order, peace and security of states located along the coast. Therefore, a new doctrine called the Doctrine of No Sheriff is offered in this article to possibly prevent the uprising of hegemonies in every region in the future.

A Review on Human Healthcare Internet of Things: A Technical Perspective

The Internet of Things (IoT) is a promising technology which interconnects the available resources to offer reliable and effective smart objects. The smart objects act as a definitive building block in the development of interdisciplinary cyber-physical systems and smart ubiquitous frameworks. The IoT revolution is improving the potential of healthcare infrastructures for providing quality care to patients and assisted living. IoT is renovating the traditional healthcare system with promising technical, economic and social forecasts. The current researches in the IoT have opened more possibilities in the field of medicine that aims to improve the quality of healthcare with minimum cost. This survey paper explores the advances in Human Healthcare Internet of Things (H2IoT) and analyses the present-day networks, architectures, topologies, platforms, services and applications in healthcare. This paper also surveys the challenges in H2IoT design, privacy, security, threats and attack classification.

Security of aircraft infrastructure objects: theoretical aspects

The article determines that the basis for effective activity for the protection of critical infrastructure facilities is the formation of a system of legislative definition of criteria for attribution to the critical infrastructure of the state of the relevant facilities, including aviation. The basis of legislative and organizational activity in this sense is the implementation of scientific research aimed at the formation of scientific and organizational security of aviation objects. It is stated that beyond the scope of modern research in aviation security and in the whole of all critical infrastructure objects there remain: theoretical clarification of the essence and correlation of such theoretical and applied categories of different types of security with regard to critical infrastructure and aviation transport objects. The reasons and conditions for the formation of security threats to the entire aviation infrastructure of Ukraine have not been properly investigated. The necessity of development of theoretical and applied and legal problems of safety of the objects of aviation transport of Ukraine is determined not only by the intervention in the activity of civil aviation, but also by the whole complex of conditions of normal activity of structures and subjects of business activity of objects of aviation infrastructure. The purpose of the article is to create on the basis of a series of articles a theoretical basis for organizational and legal security of objects of aviation transport infrastructure. The purpose of the article was implemented in a systematic approach to the study of existing problems in the security sphere of aviation infrastructure. The use of a set of general and specific research methods made it possible to determine the factors and content of the causes and conditions of the formation of threats to the security of all aviation transport infrastructure in Ukraine. This approach made it possible to conclude that the content of security of aviation infrastructure and economic entities located in their territory can be viewed from several positions: First - as conditions in which there is a complex system where the action of external factors and internal factors does not lead to the emergence of threats and negative objective and subjective negative processes. Secondly, as a condition of critical infrastructure - aviation, at which the risk of harming people or property is reduced to an acceptable level. Thirdly - as a type of activity of authorized structural units for creation of normative conditions for functioning of critical infrastructure objects - aviation transport. Taking into account the analysis of the practice, legislative and departmental regulations and opinions of scientists, a differentiated classification of security threats to aviation infrastructure objects is given, with determination of their impact on each element of the infrastructure.

Secure and Efficient k NN Classification for Industrial Internet of Things

The ${k}$ -nearest neighbors ( ${k}$ NN) classification has been widely used for defective product identification and anomaly detection in the Industrial Internet of Things (IIoT). In this article, we propose a secure and efficient distributed ${k}$ NN classification algorithm (SEED- ${k}$ NN) to prevent information and control flow exposure while supporting large-scale data classification on distributed servers. Specifically, we first design a secure and efficient vector homomorphic encryption (VHE) scheme by constructing a key-switching matrix and a noise matrix for data encryption. Based on the designed VHE, SEED- ${k}$ NN is proposed to efficiently achieve the confidentiality of data flow, ${k}$ NN query, and class label, while enabling homomorphic operations on the encrypted data. Moreover, by leveraging the Map/Reduce architecture, SEED- ${k}$ NN enables the ${k}$ NN classification over the large-scale encrypted data on distributed servers for industrial control systems. Finally, we demonstrate that SEED- ${k}$ NN achieves semantic security and high classification accuracy, and is applicable in IIoT due to its high efficiency.

Cyber security incidents analysis and classification in a case study of Korean enterprises

The increasing amount and complexity of Cyber security attacks in recent years have made text analysis and data mining techniques an important factor in discovering features of such attacks and detecting future security threats. In this paper, we report on the results of a recent case study that involved the analysis of a community data set collected from five small and medium companies in Korea. The data set represents Cyber security incidents and response actions. We investigated in the study the kind of problems concerned with the prediction of response actions to future incidents from features of past incidents. Our analysis is based on text mining methods, such as n-gram and bag-of-words, as well as on machine learning algorithms for the classification of incidents and their response actions. Based on the results of the study, we also suggest an experience-sharing model, which we use to demonstrate how companies may share their trained classifiers without the sharing of their individual data sets in a collaborative environment.

Information security: anti-virus protection technologies.

The article deals with the normative and methodological bases of classification of information security threats related to the use of malware against information systems. The threats to the impact on the information systems of certain types of malware are highlighted. In the process, antivirus experts desing and develop new methodologies to make them stronger, more and more every day. The purpose of this paper is to reviev these methodologies and outline their strengths and weaknesses to encourage those and interested in more investigation on these areas.

A Methodology for Security Classification applied to Smart Grid Infrastructures

The electricity grid is an important critical infrastructure that is undergoing major changes, due to the Internet of Things (IoT) and renewable energy, heading towards the smart grid. However, besides the many good promises of the smart grid, such as better peak control, cheaper maintenance, and more open energy markets, there are many new security threats evolving, especially from the IoT side, and also from the diversification of the systems and practices that the smart grid brings. We thus see the need for more light-weight and dynamic methods for conducting security analyses of systems applicable at (re)design time, intended to help system engineers build secure systems from the start. As a consequence, the methods should also look more at the functionalities (exposure/protection) of the system than at the possible attacks.In this paper we propose a methodology called Smart Grid Security Classification (SGSC) developed for complex systems like the smart grid, focusing on the specifics of Advanced Metering Infrastructure (AMI) systems. Our methodology is built upon the Agence nationale de la sécurité des systémes d’information (ANSSI) standard methodology for security classification of general Information and Communication Systems (ICS). Analyses performed following our method easily translate into ANSSI valid reports. Our SGSC is related to methods of risk analysis with the difference that our classification method has the purpose to assign a system to a security class, based on (combinations of) scores given to the various exposure aspects of the system and the respective protection mechanisms implemented; without looking at attackers. There are multiple uses of SGSC, such as offering indications to decision-makers about the security aspects of a system and for deciding purchasing strategies, for regulatory bodies to certify various complex infrastructure systems, but also for system/security designers to make easier choices of correct functionalities that would allow to reach a desired level of security. Particularly useful for smart grid systems is the discussion and mapping that we do of the SGSC methodology to a complex AMI infrastructure description derived from real deployments being done in ongoing Norwegian smart grid upgrades.

A Spatially Transferable Drought Hazard and Drought Risk Modeling Approach Based on Remote Sensing Data

Drought adversely affects vegetation conditions and agricultural production and consequently the food security and livelihood situation of the often most vulnerable communities. In spite of recent advances in modeling drought risk and impact, coherent and explicit information on drought hazard, vulnerability and risk is still lacking over wider areas. In this study, a spatially explicit drought hazard, vulnerability, and risk modeling framework was investigated for agricultural land, grassland and shrubland areas. The developed drought hazard model operates on a higher spatial resolution than most available drought models while also being scalable to other regions. Initially, a logistic regression model was developed to predict drought hazard for rangelands and croplands in the USA. The drought hazard model was cross-verified for the USA using the United States Drought Monitor (USDM). The comparison of the model with the USDM showed a good spatiotemporal agreement, using visual interpretation. Subsequently, the explicit and accurate USA model was transferred and calibrated for South Africa and Zimbabwe, where drought vulnerability and drought risk were assessed in combination with drought hazard. The drought hazard model used time series crop yields data from the Food and Agriculture Organization Corporate Statistical Database (FAOSTAT) and biophysical predictors from satellite remote sensing (SPI, NDVI, NDII, LST, albedo). A McFadden’s Pseudo R² value of 0.17 for the South African model indicated a good model fit. The plausibility of the drought hazard model results in southern Africa was evaluated by using regional climate patterns, published drought reports and a visual comparison to a global drought risk model and food security classification data. Drought risk and vulnerability were assessed for southern Africa and could also be spatially explicit mapped showing, for example, lower drought vulnerability and risk over irrigated areas. The innovative aspect of the presented drought hazard model is that it can be applied to other countries at a global scale, since it only uses globally available data sets and therefore can be easily modified to account for country-specific characteristics. At the same time, it can capture regional drought conditions through a higher resolution than other existing global drought hazard models. This model addressed the gap between global drought models, that cannot spatially and temporally explicitly capture regional drought effects, and sub-regional drought models that may be spatially explicit but not spatially transferable. Since we used globally available and spatially consistent data sets (both as predictors and response variables), the approach of this study can potentially be used globally to enhance existing modelling routines, drought intervention strategies and preparedness measures.

Systematic Review on Security and Privacy Requirements in Edge Computing: State of the Art and Future Research Opportunities

Edge computing is a promising paradigm that enhances the capabilities of cloud computing. In order to continue patronizing the computing services, it is essential to conserve a good atmosphere free from all kinds of security and privacy breaches. The security and privacy issues associated with the edge computing environment have narrowed the overall acceptance of the technology as a reliable paradigm. Many researchers have reviewed security and privacy issues in edge computing, but not all have fully investigated the security and privacy requirements. Security and privacy requirements are the objectives that indicate the capabilities as well as functions a system performs in eliminating certain security and privacy vulnerabilities. The paper aims to substantially review the security and privacy requirements of the edge computing and the various technological methods employed by the techniques used in curbing the threats, with the aim of helping future researchers in identifying research opportunities. This paper investigate the current studies and highlights the following: (1) the classification of security and privacy requirements in edge computing, (2) the state of the art techniques deployed in curbing the security and privacy threats, (3) the trends of technological methods employed by the techniques, (4) the metrics used for evaluating the performance of the techniques, (5) the taxonomy of attacks affecting the edge network, and the corresponding technological trend employed in mitigating the attacks, and, (6) research opportunities for future researchers in the area of edge computing security and privacy.

СТРУКТУРНО-КЛАСИФІКАЦІЙНА ХАРАКТЕРИСТИКА ЗАБЕЗПЕЧЕННЯ ІНФОРМАЦІЙНОЇ БЕЗПЕКИ

The article reveals the main aspects of the structural and classification characteristics of providing information security. In the context of revealing the purpose of scientific research processed a number of sources, separate articles of the Constitution of Ukraine, the Decree of the President of Ukraine “On the decision of the National Security and Defense Council of Ukraine of December 29, 2016 “On the Doctrine of Information Security of Ukraine”, some articles of the Law of Ukraine “On the Concept of the National Informatization Program”, the Law of Ukraine “On Information”, the Law of Ukraine “On State Secrets” and the Law of Ukraine “On Access to Public Information”. It is determined that information security is a state and level of protection of the information sphere and is manifested in the formation, use and development of the interests of both citizens and society, including the state as a whole. It is established that information security has an interdisciplinary nature, namely it covers the legal, technical, technological, psychological foundations and causes great complexity and multilevel relationships between the components of information security. It is proved that the application of approaches to the classification of information security, which are used in the scientific article, is one of the ways to carry out a structural analysis of the process of providing information security, without violating the relationships between its components. It has been determined that the key features of each of the components of the provisioning process allow in the future to carry out the process of ensuring information security in a comprehensive manner and form the tactical and strategic directions of such activities. It was found that consideration and reflection of all the main issues of comprehensive providing information security allows to harmonize the Ukrainian legislation in the information sphere, and this in the long run will contribute to the formation of an effective state policy in the information sphere.

TRANSFORMATION SYSTEM OF TOURIST SERVICES: THE CHALLENGES OF MODERNITY

Objective. The objective of the article is to disclose the factors of the security component influ­ence on the development of the transformation system of tourism services, classification of security threats and ways to overcome them. Methods. Theoretical and methodological basis of the study are general scientific methods of analysis, synthesis, abstraction, classification, generalization, integrated approach. The scientific works of domestic and foreign scientists on the security of the tourist services system are used in the research. Results. In the article the authors consider the peculiarities of tourism safety in the global crisis and pandemic. An overview and assessment of threats and crises that have a negative impact on the security of the transformation system of tourism services are given. The authors of the article determine the relevance of this issue in ensuring the security of the tourism services system, which should be considered comprehensively and become a priority for the tourism industry in Ukraine. The paper proves the importance of the security component of tourism services, which puts first the safety of human life and health, and then the interests and needs of tourists, travel com­panies. According to the authors, the safety factors of tourism services have been expanded, supple­mented by a new factor — the system ofprotection against pandemics at the global, national and local levels in the field of tourism. The authors have developed differentiation of features of crisis situations, systematized their classification of security threats to the system of tourist services, provided practical measures to resolve crisis situations that require constant monitoring and improvement. The proposed measures to ensure the safety of Ukrainian tourists will accelerate the process of resumption of tourism in Ukraine, draw the attention of experts and managers to this issue, con­tribute to the strategy of sustainable demand for travel within the country in case of a pandemic

A Framework for Systematic Classification of Assets for Security Testing

Over the last decade, a significant increase has been observed in the use of web-based Information systems that process sensitive information, e.g., personal, financial, medical. With this increased use, the security of such systems became a crucial aspect to ensure safety, integrity and authenticity of the data. To achieve the objectives of data safety, security testing is performed. However, with growth and diversity of information systems, it is challenging to apply security testing for each and every system. Therefore, it is important to classify the assets based on their required level of security using an appropriate technique. In this paper, we propose an asset security classification technique to classify the System Under Test (SUT) based on various factors such as system exposure, data criticality and security requirements. We perform an extensive evaluation of our technique on a sample of 451 information systems. Further, we use security testing on a sample extracted from the resulting prioritized systems to investigate the presence of vulnerabilities. Our technique achieved promising results of successfully assigning security levels to various assets in the tested environments and also found several vulnerabilities in them.

KONTROL OPTIMAL PADA MODEL PENYEBARAN VIRUS KOMPUTER DENGAN KLASIFIKASI PENGAMANAN

In this paper, a model of the spread of computer viruses with security classification and nonlinear infection rates is formulated. From the short analysis, is found that the model does not have a virus-free equilibrium point. This show that the virus will always exist in the system and increasingly that can not be avoided. Therefore, control strategy by installing antivirus on subpopulation susceptible low-security level and infective subpopulation aims to minimize the number of infective computers, and minimize the cost related to these strategies. Hence, an important tool, in this case is, optimal control theory. The system solved numerically by using Forward-Backward Sweep method in combination with the fourth-order Runge-Kutta method. Based on the simulation results, the combination of the two controls is effective in suppressing the spread of computer viruses. However, controlling by installing an antivirus on an infected computer has a great influence in suppressing the spread of the computer virus.

A Network Attack Detection Method Using SDA and Deep Neural Network Based on Internet of Things

Aiming at the deficiency of network attack detection, a network attack detection method based on deep neural network is proposed. Firstly, the deep neural network technology is used to study the self-adaptive identification method of the security state, intelligently discriminate the security index of the network, recall comparative learning based on historical data, and establish the classification and identification database of network security. Then, according to the information of security classification and identification database, the corresponding state risk assessment system is mapped. Based on the risk intensity, different levels of early warnings are given. Finally, experimental simulation analysis is carried out to demonstrate the effectiveness of the proposed method. The simulation results show that the proposed method can actively send out early warning before the network is attacked, which obtains a high accuracy of early warning.

Mapping Of Provincial Food Security In Indonesia Using Based Clustering Model

Indonesia was known as an agrarian and maritime country, should not experience difficulties in fulfill food needs or having high food security. However, it is a formidable challenge for the Indonesia to meeting food needs. The low level of food security was caused more by Indonesia's geographical conditions in the form of islands that cause inequality of food production, distribution and absorption among provinces in Indonesia. To reduce the occurrence of food security inequality between provinces in Indonesia, clusters was formed based on food security indicators. Based clustering technique is chosen to overcome the problem of overlapping and the limited availability problem in food security data. The results of research produce 3 clusters based on the classification of food security levels. Based on Bayesian Information Criterion, the most fitted cluster model is a three-cluster model with diagonal distributions. The first cluster consisted of 19 provinces with a classification of middle food security levels, the second cluster consisted of 10 provinces with the classification of the level of high food security, and the third cluster consisted of 5 provinces with a classification of low food security levels. It is expected that the results of this clustering can provide input to the Indonesian government to focus more on 5 Provinces with low food security classification, which focuses on access to food.

Email Security Classification of Imbalanced Data Using Naive Bayes Classifier

Email Security Classification of Imbalanced Data Using Naive Bayes Classifier

Children's Dietary Quality and Micronutrient Adequacy by Food Security in the Household and among Household Children.

Children’s food-security status has been described largely based on either the classification of food security in the household or among household children, but few studies have investigated the relationship between food security among household children and overall dietary quality. Our goal was to examine children’s dietary quality and micronutrient adequacy by food-security classification for the household and among household children. Data from 5540 children (2–17 years) from the National Health and Nutrition Examination Survey (NHANES) 2011–2014 were analyzed. Food-security status was assessed using the U.S. Household Food Security Survey Module and categorized into high, marginal, low, and very low food security for the households and among household children. Dietary quality and micronutrient adequacy were characterized by the Healthy Eating Index (HEI) 2015 and Mean Adequacy Ratio (MAR; based on total nutrient intakes from diet and dietary supplements), respectively. The HEI 2015 scores did not substantially vary by either food-security classification, but the MAR was greater in high compared to very low food security in households and among household children; a linear relationship was found only among household children. In general, very good agreement was observed between the classifications, but the strength of agreement differed by children’s age, race/Hispanic origin, and family income. In conclusion, micronutrient adequacy, but not dietary quality, significantly differed by food-security status. While the agreement between food security in the household and among household children is very good, classification of food security among household children may be more sensitive to detecting differences in exposure to nutrients.

Security‐level classification based on power system partitioning

Secure and reliable operation of power systems is a crucial factor to the security of power supply, and security assessment is an effective way to evaluate the quality of security. In order to evaluate the specific security status of a power system, a novel method for security-level classification (SLC) based on power system partitioning is proposed here. In this method, power system is partitioned into different subareas satisfying different N - k contingencies. Then, the mutual power supply between each subarea is coordinated to obtain the total supply capacity (TSC) under N-k contingencies. The security margin (SM) index, average system disequilibrium (ASD) index, and comprehensive safety index (CSI) are applied to assess the security of power system. Besides this, the threshold crossing (TC) index and the loss rate of load (LRL) index are applied to assess the unsafe conditions of power systems. According to the above procedures, the power system security states are classified into five levels, and a quantitative criterion to determine the exact security level is also given. Finally, a practical power system and the IEEE 118-bus test system are adopted to validate the feasibility of security classification based on N-k contingencies partition.