کارابرن عزیز، مقالات سایت ( همگی جزو مقالات isi می باشند) بالاترین کیفیت ترجمه را دارند، ترجمه آنها کامل و دقیق می باشد (حتی محتوای جداول و شکل های نیز ترجمه شده اند) و از بهترین مجلات isi مانند IEEE، Sciencedirect، Springer، Emerald و ... انتخاب گردیده اند.
از نرم افزار winrar برای باز کردن فایل های فشرده استفاده می شود. برای دانلود آن بر روی لینک زیر کلیک کنید
Cyber Security Attacks on Smart Cities and Associated Mobile Technologies
حمله های امنیتی سایبری به شهرهای هوشمند و فن آوری های تلفن همراه مرتبط-2017
Smart City refer to the city that integrates modern technologies for automated and efficient service providing to enhance citizens’ lifestyle. Latest studies show that like 60 present of the whole world’s population will be living in urban environments by the year 2030. This massively growing population in urban environments leads to the need of advanced management approaches that use latest IT platforms and techniques for smartening every city-related service. Such emergent integration of technologies faces several security- related challenges because of not considering security tests of new deployed technologies, in addition to not engaging other system parties with security incidents due to the huge communication. On the other side, high complexity, high interdependency and intensive communication lead to unbounded attack surface and cryptography-related issues. In our paper, we intend to provide detailed overview based on literature of smart cities’ major security problems and current solutions. Moreover, we present several influencing factors that affect data and information security in smart cities.1877-0509 © 2017 The Authors. Published by Elsevier B.V.Peer-review under responsibility of the Conference Program Chairs.
Keywords: Smart Cities Technologies | Cloud Computing | Mobile Devices | Cyber Security
A collaborative cyber incident management system for European interconnected critical infrastructures
سیستم مدیریت حادثه سایبری مشترک برای زیرساخت های بحرانی مرتبط با اروپا-2017
Article history:Available online 2 June 2016Keywords:Cyber security Information sharing Cyber incident reporting Security operation center Cyber incident handlingToday’s Industrial Control Systems (ICSs) operating in critical infrastructures (CIs) are becoming increas- ingly complex; moreover, they are extensively interconnected with corporate information systems for cost-eﬃcient monitoring, management and maintenance. This exposes ICSs to modern advanced cyber threats. Existing security solutions try to prevent, detect, and react to cyber threats by employing secu- rity measures that typically do not cross the organization’s boundaries. However, novel targeted multi- stage attacks such as Advanced Persistent Threats (APTs) take advantage of the interdependency between organizations. By exploiting vulnerabilities of various systems, APT campaigns intrude several organiza- tions using them as stepping stones to reach the target infrastructure. A coordinated effort to timely reveal such attacks, and promptly deploy mitigation measures is therefore required. Organizations need to cooperatively exchange security-relevant information to obtain a broader knowledge on the current cyber threat landscape and subsequently obtain new insight into their infrastructures and timely react if necessary. Cyber security operation centers (SOCs), as proposed by the European NIS directive, are be- ing established worldwide to achieve this goal. CI providers are asked to report to the responsible SOCs about security issues revealed in their networks. National SOCs correlate all the gathered data, analyze it and eventually provide support and mitigation strategies to the aﬃliated organizations. Although many of these tasks can be automated, human involvement is still necessary to enable SOCs to adequately take decisions on occurring incidents and quickly implement counteractions. In this paper we present a collaborative approach to cyber incident information management for gaining situational awareness on interconnected European CIs. We provide a scenario and an illustrative use-case for our approach; we propose a system architecture for a National SOC, deﬁning the functional components and interfaces it comprises. We further describe the functionalities provided by the different system components to sup- port SOC operators in performing incident management tasks.© 2016 Elsevier Ltd. All rights reserved.
Keywords: Cyber security | Information sharing | Cyber incident reporting | Security operation center | Cyber incident handling
A security evaluation of IEC 62351
ارزیابی امنیتی IEC 62351-2017
Article history:Available online 8 June 2016Keywords: Cyber security IEC 62351Cyber security standardIEC 62351 is an industry standard aimed at improving security in automation systems in the power sys- tem domain. It contains provisions to ensure the integrity, authenticity and conﬁdentiality for different protocols used in power systems. In this article we look at the different parts of IEC 62351 and assess to what extent the standard manages to improve security in automation systems. We also point out some incongruities in the algorithms or parameters chosen in parts of the standard. Overall, we conclude that the standard can signiﬁcantly improve security in power systems if applied comprehensively, but we also note that the need to preserve (partial) backwards-compatibility has led to some design choices that provide less security than could have been achieved with a more ambitious approach.© 2016 Elsevier Ltd. All rights reserved.
Keywords: Cyber security | IEC 62351 | Cyber security standard
STPA-SafeSec: Safety and security analysis for cyber-physical systems
STPA-SafeSec: تجزیه و تحلیل ایمنی و امنیت سیستم های فیزیکی سایبری-2017
Article history:Available online 30 June 2016Keywords:Smart gridSynchronous islanded generation STPACPSSafetyCyber securityCyber-physical systems tightly integrate physical processes and information and communication technolo- gies. As today’s critical infrastructures, e.g., the power grid or water distribution networks, are complex cyber-physical systems, ensuring their safety and security becomes of paramount importance. Traditional safety analysis methods, such as HAZOP, are ill-suited to assess these systems. Furthermore, cybersecu- rity vulnerabilities are often not considered critical, because their effects on the physical processes are not fully understood. In this work, we present STPA-SafeSec, a novel analysis methodology for both safety and security. Its results show the dependencies between cybersecurity vulnerabilities and system safety. Us- ing this information, the most effective mitigation strategies to ensure safety and security of the system can be readily identiﬁed. We apply STPA-SafeSec to a use case in the power grid domain, and highlight its beneﬁts.© 2016 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY license. (http://creativecommons.org/licenses/by/4.0/)
Keywords: Smart grid | Synchronous islanded generation | STPA | CPS | Safety | Cyber security
حملات امنیت سایبری به شهرهای هوشمند و فناوری های سیار همراه آن
سال انتشار: 2017 - تعداد صفحات فایل pdf انگلیسی: 6 - تعداد صفحات فایل doc فارسی: 14
شهر هوشمند به شهری اشاره دارد که فناوری های نوین را برای تامین خدمات خودکار و کارآمد جهت ارتقای شیوه زندگی شهروندی باهم یکپارچه می کند. مطالعات اخیر نشان می دهد که 60 درصد جمعیت کل جهان تا سال 2030 در محیط های شهری زندگی خواهند کرد. این جمعیت به شدت رو به رشد در محیط های شهری منجر به ایجاد نیاز به دیدگاههای پیشرفته مدیریتی می شود که از آخرین بسترهای فناوری اطلاعات برای هوشمندسازی هر نوع خدمات مربوط به شهر استفاده می کنند. چنین یکپارچه سازی ایجاد شده برای فناوری ها به دلیل عدم توجه به آزمایشات ایمنی فناوری های جدید گسترش یافته درکنار عدم به کارگیری سایر بخشهای سیستم با اتفاقات امنیتی به دلیل ارتباطات عظیم، با چندین چالش مربوط به ایمنی مواجه است. از سوی دیگر، پیچیدگی بالا، به هم وابستگی بالا و ارتباطات شدید منجر به سطح نامحدود برای حمله و مشکلات نامحدود مربوط به رمزنگاری می شود. ما در مقاله خود قصد داریم که مروری کلی و جزئیاتی برمبنای منابع علمی مربوط به مشکلات مهم امنیتی شهرهای هوشمند و راه حل های موجود فراهم کنیم. به علاوه، ما چندین عامل اثرگذار را ارائه می کنیم که بر امنیت داده ها و اطلاعات در شهرهای هوشمند اثر می گذارند.
کلیدواژه ها: فناوری های شهرهای هوشمند | محاسبات ابری | وسایل سیار | امنیت سایبری
|مقاله ترجمه شده|
The impact of Chinas 2016 Cyber Security Law on foreign technology firms, and on Chinas big data and Smart City dreams
تأثیر قانون 2016 Cyber Security چین در مورد شرکت های فن آوری خارجی، و داده های بزرگ چین و رویاهای شهر Smart City-2017
computer law & s e c u r i t y review ( 2 0 1 7 ) ARTICLE IN PRESS Please cite this article in press as: Max Parasol, The impact of China’s 2016 Cyber Security Law on foreign technology firms, and on China’s big data and SmartCity dreams, Computer Law & Security Review: The International Journal of Technology Law and Practice (2017), doi: 10.1016/j.clsr.2017.05.022 Available online at www.sciencedirect.com www.compseconline.com/publications/prodclaw.htm A B S T R A C T Chinese officials are increasingly turning to a policy known as Informatisation, connecting industry online, to utilise technology to improve efficiency and tackle economic developmental problems in China. However, various recent laws have made foreign technology firms uneasy about perceptions of Rule of Law in China.Will these new laws, under China’s stated policy of “Network Sovereignty” ( “wangluo zhuquan”) affect China’s ability to attract foreign technology firms, talent and importantly technology transfers?Will they slow China’s technology and Smart City drive? This paper focuses on the question of whether international fears of China’s new Cyber Security Law are justified. In Parts I and II, the paper analyses why China needs a cyber security regime. In Parts III and IV it examines the law itself. © 2017 Max Parasol. Published by Elsevier Ltd. All rights reserved.
Keywords:China | Big data | The Internet of Things | Smart Cities | Network Sovereignty | Rule of Law | Cyber Security Laws
Big Data Behavioral Analytics Meet Graph Theory: On Effective Botnet Takedowns
تجزیه و تحلیل بزرگ داده های رفتاری منطبق بر نظریه گراف: اثر برداشت های باتنت-2017
Cyberspace continues to host highly sophisti cated malicious entities that have demonstrated their ability to launch debilitating, intimidating, and disrupting cyber attacks. Recently, such entities have been adopting orchestrated, often botmas ter-coordinated, stealthy attack strategies aimed at maximizing their targets’ coverage while minimiz ing redundancy and overlap. The latter entities, which are typically dubbed as bots within botnets, are ominously being leveraged to cause drastic Internet-wide and enterprise impacts by means of severe misdemeanors. While a plethora of litera ture approaches have devised operational cyber security techniques for the detection of such bot nets, very few have tackled the problem of how to promptly and effectively takedown such bot nets. In the past three years, we have received 12 GB of daily malicious real darknet data (i.e., Inter net traffic destined to half a million routable but unallocated IP addresses or sensors) from more than 12 countries. This article exploits such data to propose a novel Internet-scale cyber security capability that fuses big data behavioral analytics in conjunction with formal graph theoretical con cepts to infer and attribute Internet-scale infected bots in a prompt manner and identify the niche of the botnet for effective takedowns. We vali date the accuracy of the proposed approach by employing 100 GB of the Carna botnet, which is a very recent real malicious Internet-scale botnet. Since performance is also an imperative metric when dealing with big data for network security, this article further provides a comparison between two trending big data processing architectures: the almost standard Apache Hadoop system, and a more traditional and simplistic multi-threaded programming approach, by employing 1 TB of real darknet data. Several recommendations and possible future research work derived from the previous experiments conclude this article.
Individual differences and Information Security Awareness
تفاوت های فردی و آگاهی از امنیت اطلاعات-2017
The main purpose of this study was to examine the relationship between individuals Information Se- curity Awareness (ISA) and individual difference variables, namely age, gender, personality and risk- taking propensity. Within this study, ISA was deﬁned as individuals knowledge of what policies and procedures they should follow, their understanding of why they should adhere to them (their attitude) and what they actually do (their behaviour). This was measured using the Human Aspects of Information Security Questionnaire (HAIS-Q). Individual difference variables were examined via a survey of 505 working Australians. It was found that conscientiousness, agreeableness, emotional stability and risk- taking propensity signiﬁcantly explained variance in individuals’ ISA, while age and gender did not. Findings highlighted the need for future research to examine individual differences and their impact on ISA. Results of the study can be applied by industry to develop tailored InfoSec training programs.Crown Copyright © 2016 Published by Elsevier Ltd. All rights reserved.
Keywords:Information Security Awareness (ISA) | Information security (InfoSec) | Cyber security | Personality | Risk | Individual differences
Information sharing vs: privacy: A game theoretic analysis
اشتراک اطلاعات در مقابل حریم خصوصی: تجزیه و تحلیل نظریه بازی-2017
Article history:Received 9 June 2016Revised 29 June 2017Accepted 30 June 2017Available online 1 July 2017Keywords:Information security economics Information sharingPrivacySecurity knowledge growth Security investment Differential gameSharing cyber security information helps ﬁrms to decrease cyber security risks, prevent attacks, and in- crease their overall resilience. Hence it affects reducing the social security cost. Although previously cyber security information sharing was being performed in an informal and ad hoc manner, nowadays through development of information sharing and analysis centers (ISACs), cyber security information sharing has become more structured, regular, and frequent. This is while, the privacy risk and information disclosure concerns are still major challenges faced by ISACs that act as barriers in activating the potential impacts of ISACs.This paper provides insights on decisions about security investments and information sharing in con- sideration of privacy risk and security knowledge growth. By the latest concept i.e. security knowledge growth, we mean fusing the collected security information, adding prior knowledge, and performing ex- tra analyses to enrich the shared information. The impact of this concept on increasing the motivation of ﬁrms for voluntarily sharing their sensitive information to authorities such as ISACs has been analytically studied for the ﬁrst time in this paper. We propose a differential game model in which a linear fusion model for characterizing the process of knowledge growth via the ISAC is employed. The Nash equilibrium of the proposed game including the optimized values of security investment, and the thresholds of data sharing with the price of privacy are highlighted. We analytically ﬁnd the threshold in which the gain achieved by sharing sensitive information outweighs the privacy risks and hence the ﬁrms have natural incentive to share their security information. Moreover, since in this case the threshold of data shar- ing and the security investment levels chosen in Nash equilibrium may be lower than social optimum, accordingly we design mechanisms which would encourage the ﬁrms and lead to a socially optimal out- come. The direct impact of the achieved results is on analyzing the way ISACs can convince ﬁrms to share their security information with them.© 2017 Elsevier Ltd. All rights reserved.
Keywords: Information security economics | Information sharing | Privacy | Security knowledge growth | Security investment | Differential game
Selecting Appropriate Cloud Solution for Managing Big Data Projects Using Hybrid AHP-Entropy Based Assessment
انتخاب روش مناسب ابر برای مدیریت پروژه های داده بزرگ با استفاده از ارزیابی مبتنی بر آنتروپی هیبریدی AHP-2016
Today technology that learns from data to forecast future behavior of individuals, organizations, government and country as a whole, is playing a crucial role in the advancement of human race. In fact, the strategic advantage most of the companies today strive for are use of new available technologies like cloud computing and big data. However, today’s dynamic business environment poses severe challenges in front of companies as to how to make use of the power of big data with the technical flexibility that cloud computing provides? Therefore, evaluating, ranking and selecting the most appropriate cloud solution to manage big data project is a complex concern which requires multi criteria decision environment. In this paper we propose a hybrid entropy method combined with Analytical Hierarchical Process (AHP) to select appropriate cloud solution to manage big data projects in group decision making environment. In order to collate individual opinions of decision makers for rating the importance of various criteria and alternatives, we employed usability analysis using the proposed hybrid AHP-Entropy method.
Keywords: Analytical Hierarchical Process (AHP) | Entropy | MCDM | Big Data | Cloud Solution