Nowadays, vulnerability attacks occur frequently. Due to the information asymmetry between attackers and defenders, vulnerabilities can be divided into known and unknown. Existing researches mainly focus on the risk assessment of known vulnerabilities. However, unknown vulnerabilities are more threatening and harder to detect. Therefore, unknown vulnerability risk assessment deserves the widespread attention. To model the exploit process, directed graph models are applied to vulnerability risk assessment. And security metrics are used to quantify the exploitability of vulnerabilities. In this paper, according to the data source of nodes, related works of unknown vulnerability risk assessment based on directed graph models are divided into two types. One is based on network-level data, the other is based on system-level data. The former is to visualize the network status, while the latter is to reflect the running process of the system. The concept and purpose of these directed graph models are given at first. Then, these models are analyzed from three aspects, including advantages, flaws and solutions. After that, challenges and solutions of unknown vulnerability risk assessment based on directed graph models are given. Meantime, security metrics for unknown vulnerability risk assessment based on directed graph models are summarized and classified. Finally, future work directions of unknown vulnerability risk assessment are discussed from the perspective of techniques and application trends. Consequently, this paper can fill in the lack of current survey on unknown vulnerability risk assessment based on directed graph models. INDEX TERMS Directed graph model, risk assessment, security metric, unknown vulnerability.
Abnormal traffic detection is an important network security technology to protect computer systems from malicious attacks. Existing detection methods are usually based on traditional machine learning, such as Support Vector Machine (SVM), Naive Bayes, etc. They rely heavily on manual design of traffic features and usually shallow feature learning, which get a low accuracy for high-dimensional traffic. Although the method based on Long Short-Term Memory (LSTM) has an excellent ability to detect abnormal traffic. The sequence-dependent structure of LSTM cannot realize parallel computation, which leads to slow model training and limits its applicability. To address the above problem, we propose an efficient Bidirectional Simple Recurrent Unit (BiSRU) combined with feature dimensionality reduction for abnormal traffic detection. Specifically, in order to perform feature dimensionality reduction on the original high-dimensional network traffic, we design a stack Sparse Autoencoder (sSAE) to extract the compressed high-level features. For the purpose of realizing efficient parallel computation and accurate feature extraction, a BiSRU is utilized to extract the bidirectional structural features of the traffic. Finally, the experimental results show that our proposed method significantly outperforms existing methods in terms of accuracy and training time. The method we propose can timely and accurately detect various abnormal traffic and achieve effective network security protection.
Access control is one of the key mechanisms for cloud computing security. When it comes to being used in cloud computing environments, RBAC is more scalable and more suitable compared with traditional discretionary and mandatory access control models. A straightforward way is to extend RBAC from traditional fields to cloud computing environments. In this chapter, several extended role-based access control schemes are surveyed from basic extension, A-RBAC, and trust-based RBAC separately. Core techniques of the proposed schemes are detailed. Comparisons around the proposed schemes are analyzed. Keywords Cloud computing • Access control • RBAC • A-RBAC • Trust IntroductionNowadays, cloud computing is becoming one of the most popular and trendy computing model in the technology world. In cloud computing model, access is performed through network which has the characteristics of ubiquity, convenience, and service-on-demand. The computing resource is a configurable shared pool consisting of networks, servers, storage, applications, and services [1]. There are different slots or sections of a cloud service. Among them, infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS) are the three service models. With the cloud computing having more and more deployment, security issues have become important factors restricting its development and application [2].Access control is the process of limiting access to system resources for only authorized people, programs, processes, or other system components, which plays an important role in the field of information security. Traditionally, there are three kinds of access control models: (1) discretionary, (2) mandatory, and (3) role based [3]. Among the three models, RBAC model is the most scalable, especially in such cases that tracking the users of the services cannot get through a fixed identity.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.