Analyzing the Big Data Security Through a Unified Decision-Making Approach

Attaallah, Abdulaziz; Alsuhabi, Hassan; Shukla, Sarita; Kumar, R Uday; Gupta, Bineet Kumar; Khan, Raees Ahmad

doi:10.32604/iasc.2022.022569

Cited by 43 publications

(20 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The DMZ provides an additional layer of security to an organisation's local area network (LAN) denying the attacker direct access to Network 1. Differently from predictions techniques and algorithms used to infer knowledge as [32,33], our classifying approach is based on the observation of the related pivot attacks and the connectivity achieved by the adversary to infer different types of pivoting. The combination of numbered red bullets corresponds to distinct degrees of connectivity.…”

Section: Pivot Attack Classificationmentioning

confidence: 99%

See 1 more Smart Citation

Pivot Attack Classification for Cyber Threat Intelligence

Al-Khateeb

Marques

Epiphaniou

et al. 2022

JISCR

View full text Add to dashboard Cite

The initial access achieved by cyber adversaries conducting a systematic attack against a targeted network is unlikely to be an asset of interest. Therefore, it is necessary to use lateral movement techniques to expand access to different devices within the network to accomplish the strategic attack’s objectives. The pivot attack technique is widely used in this context; the attacker creates an indirect communication tunnel with the target and uses traffic forwarding methods to send and receive commands. Recognising and classifying this technique in large corporate networks is a complex task, due to the number of different events and traffic generated. In this paper, we present a pivot attack classification criteria based on perceived indicators of attack (IoA) to identify the level of connectivity achieved by the adversary. Additionally, an automatic pivot classifier algorithm is proposed to include a classification attribute to introduce a novel capability for the APIVADS pivot attack detection scheme. The new algorithm includes an attribute to differentiate between types of pivot attacks and contribute to the threat intelligence capabilities regarding the adversary modus operandi. To the best of our knowledge, this is the first academic peer-reviewed study providing a pivot attack classification criteria.

show abstract

Section: Pivot Attack Classificationmentioning

confidence: 99%

Section: Pivot Attack Classificationmentioning

confidence: 99%

Pivot Attack Classification for Cyber Threat Intelligence

Al-Khateeb

Marques

Epiphaniou

et al. 2022

JISCR

View full text Add to dashboard Cite

show abstract

“…In practical applications, there are many types of risk factor identification methods [ 19 ], mainly including the following: (1) brainstorming method, (2) analysis process method [ 20 ], (3) analysis of relevant scenarios, (4) risk decomposition method [ 21 ], and (5) editing event tree method [ 22 ]. According to the actual situation of small- and medium-sized agency bookkeeping companies, this paper adopts the brainstorming method to identify the risk factors of these companies.…”

Section: Establishment Of the Risk Evaluation Index System For Small-...mentioning

confidence: 99%

“…(3) analysis of relevant scenarios, (4) risk decomposition method [21], and (5) editing event tree method [22].…”

Section: Establishment Of the Risk Evaluation Indexmentioning

confidence: 99%

The Establishment of Risk Evaluation Index System for Small- and Medium-Sized Agency Bookkeeping Companies

Zhang

2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

In recent years, China’s economy has developed rapidly; many small companies have risen rapidly; and the tax system has become more and more standardized. Because many small businesses cannot afford to hire full-time accountants, they opt to outsource accounting services, giving small- and medium-sized bookkeeping firms a large market space. However, these opportunities also bring huge operational risks to small- and medium-sized bookkeeping companies. The purpose of this research is to help such enterprises carry out risk management and reduce operational risks. This study uses an analytic hierarchy process and a fuzzy comprehensive assessment approach to successfully combine quantitative and qualitative analysis and create a multilevel analysis structure model of the risk management evaluation index system of small- and medium-sized agency accounting firms. The structural model is verified by a case, the specific risk score of each factor is calculated through the scores of 20 experts, and the importance of risk is judged according to the size of the score, indicating that the structural model is feasible.

show abstract

“…The targets, which are most important for the software system, are collected from the partners by the requirement engineer [ 16 ] during the requirement engineering process, which is the 1 st phase of the software development life cycle, and then, while getting the requirement from the partner, the requirement engineer will record the targets indicated by the partner either orally or in a written document. And to achieve the targets set by the Partner, the requirement engineer will write so many approaches by which the requirement engineer can satisfy all the needs of the Partners, which is his utmost aim [ 17 ]. We can use any of the strategies (interrogation, creative thinking, examining, and meeting interrogation) to get the suggestion from the Partner.…”

Section: Introduction Of Identification Of Security Threats During Re...mentioning

confidence: 99%

An Efficient Identification of Security Threats in Requirement Engineering Methodology

Subha¹,

Haldorai²

2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

Today, we completely rely on Information Technology (IT) applications for every aspect of daily life, including business and online transactions. In addition to using these IT-enabled applications for business purposes, we also use WhatsApp, Facebook, and a variety of other IT applications to communicate with others. However, there will undoubtedly be a drawback to every benefit. Since everything is linked to the Internet, there are many opportunities for security to be compromised. To address this, we are working to identify security threats early on in the software development process, specifically during the requirements phase. During the requirement engineering process, an engineer can recognize the security specifications in a more structured manner to create threat-free software. In our research work, we suggest the Identification of Security Threats during Requirement Engineering (ISTDRE) technique for detecting security risks throughout the requirement engineering process. The four points that make up this ISTDRE technique are Hack Point (HP), Speculation Point (SP), Trust Point (TP), and Reliable Point (RP). The new ISTDRE methodology will be validated using a case study of an ERP system involving two currently used methodologies: Model Oriented Security Requirements Engineering (MOSRE) and System Quality Requirements Engineering (SQUARE).

show abstract

Analyzing the Big Data Security Through a Unified Decision-Making Approach

Cited by 43 publications

References 20 publications

Pivot Attack Classification for Cyber Threat Intelligence

Pivot Attack Classification for Cyber Threat Intelligence

The Establishment of Risk Evaluation Index System for Small- and Medium-Sized Agency Bookkeeping Companies

An Efficient Identification of Security Threats in Requirement Engineering Methodology

Contact Info

Product

Resources

About