IEEE Account
- Change Username/Password
- Update Address
Purchase Details
- Payment Options
- Order History
- View Purchased Documents
Profile Information
- Communications Preferences
- Profession and Education
- Technical Interests
- US & Canada: +1 800 678 4333
- Worldwide: +1 732 981 0060
- Contact & Support
- About IEEE Xplore
- Accessibility
- Terms of Use
- Nondiscrimination Policy
- Privacy & Opting Out of Cookies
A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity. © Copyright 2024 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.
Subscribe to the PwC Newsletter
Join the community, search results, security and privacy of lightning network payments with uncertain channel balances.
2 code implementations • 15 Mar 2021
Applying negative Bernoulli trials for single- and multi-part payments allows us to compute the expected number of payment attempts for a given amount, sender, and receiver.
Cryptography and Security
MiniCPS: A toolkit for security research on CPS Networks
1 code implementation • 17 Jul 2015
While a great amount of research has been conducted on network security of office and home networks, recently the security of CPS and related systems has gained a lot of attention.
Networking and Internet Architecture Cryptography and Security
Provably Secure Networks: Methodology and Toolset for Configuration Management
1 code implementation • 28 Aug 2017
Network administration is an inherently complex task, in particular with regard to security.
Evaluating Shallow and Deep Neural Networks for Network Intrusion Detection Systems in Cyber Security
5 code implementations • International Conference on Computing, Communication and Networking Technologies (ICCCNT) 2018
In this paper, DNNs have been utilized to predict the attacks on Network Intrusion Detection System (N-IDS).
Formal Security Analysis of Neural Networks using Symbolic Intervals
3 code implementations • 28 Apr 2018
In this paper, we present a new direction for formally checking security properties of DNNs without using SMT solvers.
MobileAtlas: Geographically Decoupled Measurements in Cellular Networks for Security and Privacy Research
1 code implementation • 13 Mar 2024
Thus, there is a need for controlled testbeds and measurement tools for cellular access networks doing justice to the technology's unique structure and global scope.
SecDD: Efficient and Secure Method for Remotely Training Neural Networks
1 code implementation • 19 Sep 2020
We leverage what are typically considered the worst qualities of deep learning algorithms - high computational cost, requirement for large data, no explainability, high dependence on hyper-parameter choice, overfitting, and vulnerability to adversarial perturbations - in order to create a method for the secure and efficient training of remotely deployed neural networks over unsecured channels.
Nitriding: A tool kit for building scalable, networked, secure enclaves
1 code implementation • 8 Jun 2022
Enclave deployments often fail to simultaneously be secure (e. g., resistant to side channel attacks), powerful (i. e., as fast as an off-the-shelf server), and flexible (i. e., unconstrained by development hurdles).
Lifting Network Protocol Implementation to Precise Format Specification with Security Applications
1 code implementation • 19 May 2023
It is well-known that static analysis does not rely on any input packets and can achieve high coverage by scanning every piece of code.
Cryptography and Security Programming Languages
Security Analysis of Deep Neural Networks Operating in the Presence of Cache Side-Channel Attacks
1 code implementation • ICLR 2019
Based on the extracted architecture attributes, we also demonstrate that an attacker can build a meta-model that accurately fingerprints the architecture and family of the pre-trained model in a transfer learning setting.
Enhancing the Security of Software-Defined Networking through Forensic Memory Analysis
- Published: 25 August 2024
- Volume 32 , article number 82 , ( 2024 )
Cite this article
- Filipe Augusto da Luz Lemos 1 ,
- Thiago dos Santos Cavali 1 na1 ,
- Keiko Verônica Ono Fonseca 1 na1 ,
- Mauro Sergio Pereira Fonseca 1 na1 &
- Rubens Alexandre de Faria 1 na1
31 Accesses
Explore all metrics
The increasing complexity and dynamic nature of software-defined networking (SDN) environments pose significant challenges for network security. We propose a methodology for enhancing the security of SDN systems through the use of a well established technique in forensic sciences, the memory analysis, combined with techniques to identify memory modifications, such as signature validation and novelty detection. A proof of concept using a test environment consisting of virtual switches, connected in a ring topology, and hosts validated the proposed methodology. The results were able to demonstrate the capability of the proposed methodology to detect and mitigate unauthorized changes in network equipment, highlighting its potential to improve the security of SDN networks, and possible integration with other methodologies to further improve the security of SDN environments. Overall, the proposed methodology provides a new valuable tool for securing SDN networks, and brings research opportunities on the scalability and adaptability of the proposed solution.
This is a preview of subscription content, log in via an institution to check access.
Access this article
Subscribe and save.
- Get 10 units per month
- Download Article/Chapter or eBook
- 1 Unit = 1 Article or 1 Chapter
- Cancel anytime
Price includes VAT (Russian Federation)
Instant access to the full article PDF.
Rent this article via DeepDyve
Institutional subscriptions
Similar content being viewed by others
SDN and NFV Security: Challenges for Integrated Solutions
A comprehensive analysis of threat vectors in software-defined networking
A comprehensive survey on SDN security: threats, mitigations, and future directions
Explore related subjects.
- Artificial Intelligence
Data Availability
No datasets were generated or analysed during the current study.
https://opennetworking.org/onos/ .
https://www.docker.com/ .
https://www.openvswitch.org/ .
Brügge, F., Hasan, M., Kulezak, M., Lueth, K.L., Pasqua, E., Sinha, S., Wegner, P., Baviskar, K., Taparia, A.: State of IoT—Spring 2023 (2023)
Caraguay, Leonardo Valdivieso, Peral, A.B., López, L.I.B., Villalba, L.J.G.: SDN: evolution and opportunities in the development IoT applications. Int. J. Distrib. Sens. Netw. 10 (5), 735142 (2014). https://doi.org/10.1155/2014/735142
Article Google Scholar
Saraswat, S., Agarwal, V., Gupta, H.P., Mishra, R., Gupta, A., Dutta, T.: Challenges and solutions in software defined networking: a survey. J. Netw. Comput. Appl. 141 , 23–58 (2019)
Duan, Q., Toy, M.: Virtualized Software-defined Networks and Services. Artech House Communications and Network Engineering Series. Artech House, Boston (2017). http://search.ebscohost.com/login.aspx?direct=true&db=nlebk &AN=1511855 &lang=pt-br &site=ehost-live
Ahmad, S., Mir, A.H.: Scalability, consistency, reliability and security in SDN controllers: a survey of diverse SDN controllers. J. Netw. Syst. Manag. 29 , 1–59 (2021)
Bawany, N.Z., Shamsi, J.A., Salah, K.: DDoS attack detection and mitigation using SDN: methods, practices, and solutions. Arab. J. Sci. Eng. 42 , 425–441 (2017)
Benzekki, K., Fergougui, A.E., Elalaoui, A.E.: Software-defined networking (SDN): a survey. Secur. Commun. Netw. 9 , 5803–5833 (2016). https://doi.org/10.1002/sec.1737
CeldrÃn, A., Karmakar, K., MÃrmol, F., Varadharajan, V.: Detecting and mitigating cyberattacks using software defined networks for integrated clinical environments. Peer-to-Peer Netw. Appl. 14 , 2719–2734 (2021). https://doi.org/10.1007/s12083-021-01082-w
Nunes, B.A.A., Mendonca, M., Nguyen, X.-N., Obraczka, K., Turletti, T.: A survey of software-defined networking: past, present, and future of programmable networks. IEEE Commun. Surv. Tutor. 16 (3), 1617–1634 (2014). https://doi.org/10.1109/SURV.2014.012214.00180 . arxiv:1406.0440
Chouikik, M., Ouaissa, M., Ouaissa, M., Boulouard, Z., Kissi, M.: Software-defined networking security: a comprehensive review. In: Big Data Analytics and Computational Intelligence for Cybersecurity, pp. 91–108 (2022)
Ahmad, I., Namal, S., Ylianttila, M., Gurtov, A.: Security in software defined networks: a survey. IEEE Commun. Surv. Tutor. 17 (4), 2317–2346 (2015). https://doi.org/10.1109/COMST.2015.2474118
Yuan, B., Zhang, C., Ren, J., Chen, Q., Xu, B., Zhang, Q., Li, Z., Zou, D., Zhang, F., Jin, H.: Toward automated attack discovery in SDN controllers through formal verification. IEEE Trans. Netw. Serv. Manag. 21 (3), 3636–3655 (2024). https://doi.org/10.1109/TNSM.2024.3386404
Haas, Z.J., Culver, T.L., Sarac, K.: Vulnerability challenges of software defined networking. IEEE Commun. Mag. 59 (7), 88–93 (2021)
Dhandapani, K.P., Thanganadar Thangathai, M., Hamead Haja Moinudeen, S.: A novel eviction policy based on shortest remaining time for software defined networking flow tables. Int. J. Netw. Manag. 34 (3), 2257 (2024). https://doi.org/10.1002/nem.2257
Santos, R., Souza, D., Santo, W., Ribeiro, A., Moreno, E.: Machine learning algorithms to detect DDoS attacks in SDN. Concurr. Comput. Pract. and Exp. 32 (16), 5402 (2020)
Yue, M., Yan, Q., Lu, Z., Wu, Z.: CCS: A cross-plane collaboration strategy to defend against LDoS attacks in SDN. IEEE Trans. Netw. Serv. Manag. 21 (3), 3522–3536 (2024). https://doi.org/10.1109/TNSM.2024.3363490
Chica, J.C.C., Imbachi, J.C., Vega, J.F.B.: Security in SDN: a comprehensive survey. J. Netw. Comput. Appl. 159 , 102595 (2020)
Hakiri, A., Dezfouli, B.: Towards a blockchain-SDN architecture for secure and trustworthy 5G massive IoT networks. In: Proceedings of the 2021 ACM International Workshop on Software Defined Networks & Network Function Virtualization Security, pp. 11–18 (2021)
Monshizadeh, M., Khatri, V., Kantola, R.: An adaptive detection and prevention architecture for unsafe traffic in SDN enabled mobile networks. In: 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), pp. 883–884. IEEE (2017)
Monshizadeh, M., Khatri, V., Kantola, R.: Detection as a service: an SDN application. In: 2017 19th International Conference on Advanced Communication Technology (ICACT), pp. 285–290. IEEE (2017)
Shao, Z., Zhu, X., Chikuvanyanga, A.M., Zhu, H.: Blockchain-based SDN security guaranteeing algorithm and analysis model. In: Wireless and Satellite Systems: 10th EAI International Conference, WiSATS 2019, Harbin, China, January 12–13, 2019, Proceedings, Part II 10, pp. 348–362. Springer, Berlin (2019)
Ibrahim, J., Gajin, S.: SDN-based intrusion detection system. Infoteh Jahorina 16 , 621–624 (2017)
Google Scholar
Adeniji, O.D., Adekeye, D.B., Ajagbe, S.A., Adesina, A.O., Oguns, Y.J., Oladipupo, M.A.: Development of DDoS attack detection approach in software defined network using support vector machine classifier. In: Pervasive Computing and Social Networking: Proceedings of ICPCSN 2022, pp. 319–331. Springer, Salem (2022)
Alhijawi, B., Almajali, S., Elgala, H., Salameh, H.B., Ayyash, M.: A survey on DoS/DDoS mitigation techniques in SDNs: classification, comparison, solutions, testing tools and datasets. Comput. Electr. Eng. 99 , 107706 (2022)
Aslam, N., Srivastava, S., Gore, M.: ONOS flood defender: an intelligent approach to mitigate DDoS attack in SDN. Trans. Emerg. Telecommun. Technol. 33 (9), 4534 (2022)
Elsayed, M.S., Jahromi, H.Z., Nazir, M.M., Jurcut, A.D.: The role of CNN for intrusion detection systems: an improved CNN learning approach for SDNs. In: International Conference on Future Access Enablers of Ubiquitous and Intelligent Infrastructures, pp. 91–104. Springer, Berlin (2021)
Golchin, P., Zhou, C., Agnihotri, P., Agnihotri, P., Hajizadeh, M., Kundel, R., Steinmetz, R.: Cml-ids: enhancing intrusion detection in SDN through collaborative machine learning. In: 2023 19th International Conference on Network and Service Management (CNSM), pp. 1–9 (2023). https://doi.org/10.23919/CNSM59352.2023.10327863
Yang, X., Wang, D., Tang, W., Feng, W., Zhu, C.: IPsec cryptographic algorithm invocation considering performance and security for SDN southbound interface communication. IEEE Access 8 , 181782–181795 (2020). https://doi.org/10.1109/ACCESS.2020.3028603
Scaranti, G.F., Carvalho, L.F., Barbon, S., Lloret, J., Proença, M.L.: Unsupervised online anomaly detection in software defined network environments. Expert Syst. Appl. 191 , 116225 (2022). https://doi.org/10.1016/j.eswa.2021.116225
Ali, J., Roh, B.: Management of software-defined networking powered by artificial intelligence (2022). https://doi.org/10.5772/intechopen.97197
Latah, M.: Artificial intelligence enabled software defined networking: a comprehensive overview (2018) https://doi.org/10.48550/arxiv.1803.06818
Wu, Y., Hwang, P., Hwang, W., Cheng, M.: Artificial intelligence enabled routing in software defined networking. Appl. Sci. 10 , 6564 (2020). https://doi.org/10.3390/app10186564
Jasinski, A., Qiao, Y., Fallon, E., Flynn, R.: Natural language processing applied to dynamic workflow generation for network management. In: NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium, pp. 1–6 (2022). https://doi.org/10.1109/NOMS54207.2022.9789709
Silva Eleutério, P.M., Machado, M.P.: Desvendando a Computação forense. Novatec Editora, São Paulo (2019)
Yang, S., Wang, L., Zhang, S., Zhao, D., Xu, L.: A method for acquiring network information from Linux memory image in software-defined networking. J. Internet Technol. 21 (3), 899–908 (2020)
Purnaye, P., Kulkarni, V.: A comprehensive study of cloud forensics. Arch. Comput. Methods Eng. 29 (1), 33–46 (2022)
Waseem, Q., Alshamrani, S.S., Nisar, K., Wan Din, W.I.S., Alghamdi, A.S.: Future technology: software-defined network (SDN) forensic. Symmetry 13 (5) (2021). https://doi.org/10.3390/sym13050767
Nam, S., Jeong, E., Hong, J., Yoo, J.-H., Hong, J.W.-K.: Log analysis and prediction for anomaly detection in network switches. In: 2023 19th International Conference on Network and Service Management (CNSM), pp. 1–7 (2023). https://doi.org/10.23919/CNSM59352.2023.10327879
Achleitner, S., La Porta, T., Jaeger, T., McDaniel, P.: Adversarial network forensics in software defined networking. In: Proceedings of the Symposium on SDN Research. SOSR’17, pp. 8–20. Association for Computing Machinery, New York (2017). https://doi.org/10.1145/3050220.3050223
Leichtnam, L., Totel, E., Prigent, N., Mé, L.: Novelty detection on graph structured data to detect network intrusions. In: CAID 2020-Conference on Artificial Intelligence for Defense (2020)
Cui, J., Zhang, J., He, J., Zhong, H., Lu, Y.: DDoS detection and defense mechanism for SDN controllers with k-means. In: 2020 IEEE/ACM 13th International Conference on Utility and Cloud Computing (UCC), pp. 394–401 (2020). https://doi.org/10.1109/UCC48980.2020.00062
Salaria, S., Arora, S., Goyal, N., Goyal, P., Sharma, S.: Implementation and analysis of an improved PCA technique for DDoS detection. In: 2020 IEEE 5th International Conference on Computing Communication and Automation (ICCCA), pp. 280–285 (2020). https://doi.org/10.1109/ICCCA49541.2020.9250912
Makuvaza, A., Jat, D.S., Gamundani, A.M.: Deep neural network (DNN) solution for real-time detection of distributed denial of service (DDoS) attacks in software defined networks (SDNs). SN Comput. Sci. 2 , 1–10 (2021)
Priyadarshini, I., Mohanty, P., Alkhayyat, A., Sharma, R., Kumar, S.: SDN and application layer DDoS attacks detection in IoT devices by attention-based BI-LSTM-CNN. Trans. Emerg. Telecommun. Technol. n/a(n/a), 4758 (2023). https://doi.org/10.1002/ett.4758 . https://onlinelibrary.wiley.com/doi/pdf/10.1002/ett.4758
Wang, H., Li, W.: DDosTC: A transformer-based network attack detection hybrid mechanism in SDN. Sensors 21 (15) (2021). https://doi.org/10.3390/s21155047
Umar, R., Riadi, I., Kusuma, R.S.: Mitigating sodinokibi ransomware attack on cloud network using software-defined networking (SDN). Int. J. Saf. Secur. Eng. 11 (3), 239–246 (2021)
McKeown, N., Anderson, T., Balakrishnan, H., Parulkar, G., Peterson, L., Rexford, J., Shenker, S., Turner, J.: Openflow: Enabling innovation in campus networks. SIGCOMM Comput. Commun. Rev. 38 (2), 69–74 (2008). https://doi.org/10.1145/1355734.1355746
Download references
Acknowledgements
The SecureCloud Project was funded by the Brazilian Ministry of Science Technology and Communications, the European Commission and the Swiss State Secretariat for Education, Research and Innovation through the Horizon 2020 Program, in the 3rd Brazil-Europe coordinated call. This study was financed in part by the Coordenação de Aperfeiçoamento de Pessoal de Nível Superior–Brasil (CAPES)–Finance Code 001
Author information
Thiago dos Santos Cavali, Keiko Verônica Ono Fonseca, Mauro Sergio Pereira Fonseca and Rubens Alexandre de Faria contributed equally to this work.
Authors and Affiliations
Graduate Program in Electrical and Computer Engineering, Federal University of Technology, Sete de Setembro Avenue, 3165, Curitiba, Paraná, 80230-901, Brazil
Filipe Augusto da Luz Lemos, Thiago dos Santos Cavali, Keiko Verônica Ono Fonseca, Mauro Sergio Pereira Fonseca & Rubens Alexandre de Faria
You can also search for this author in PubMed Google Scholar
Contributions
F.A.L.L. proposed the security concept. F.A.L.L and T.S.C. wrote the main manuscript text and F.A.L.L prepared all figures. All authors reviewed the manuscript. All authors contributed to this work.
Corresponding author
Correspondence to Filipe Augusto da Luz Lemos .
Ethics declarations
Conflict of interest.
The authors declare no conflict of interest.
Additional information
Publisher's note.
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
Reprints and permissions
About this article
da Luz Lemos, F.A., dos Santos Cavali, T., Fonseca, K.V.O. et al. Enhancing the Security of Software-Defined Networking through Forensic Memory Analysis. J Netw Syst Manage 32 , 82 (2024). https://doi.org/10.1007/s10922-024-09862-4
Download citation
Received : 14 March 2024
Revised : 05 August 2024
Accepted : 15 August 2024
Published : 25 August 2024
DOI : https://doi.org/10.1007/s10922-024-09862-4
Share this article
Anyone you share the following link with will be able to read this content:
Sorry, a shareable link is not currently available for this article.
Provided by the Springer Nature SharedIt content-sharing initiative
- Software defined network
- Memory analysis
- Find a journal
- Publish with us
- Track your research
Information
- Author Services
Initiatives
You are accessing a machine-readable page. In order to be human-readable, please install an RSS reader.
All articles published by MDPI are made immediately available worldwide under an open access license. No special permission is required to reuse all or part of the article published by MDPI, including figures and tables. For articles published under an open access Creative Common CC BY license, any part of the article may be reused without permission provided that the original article is clearly cited. For more information, please refer to https://www.mdpi.com/openaccess .
Feature papers represent the most advanced research with significant potential for high impact in the field. A Feature Paper should be a substantial original Article that involves several techniques or approaches, provides an outlook for future research directions and describes possible research applications.
Feature papers are submitted upon individual invitation or recommendation by the scientific editors and must receive positive feedback from the reviewers.
Editor’s Choice articles are based on recommendations by the scientific editors of MDPI journals from around the world. Editors select a small number of articles recently published in the journal that they believe will be particularly interesting to readers, or important in the respective research area. The aim is to provide a snapshot of some of the most exciting work published in the various research areas of the journal.
Original Submission Date Received: .
- Active Journals
- Find a Journal
- Proceedings Series
- For Authors
- For Reviewers
- For Editors
- For Librarians
- For Publishers
- For Societies
- For Conference Organizers
- Open Access Policy
- Institutional Open Access Program
- Special Issues Guidelines
- Editorial Process
- Research and Publication Ethics
- Article Processing Charges
- Testimonials
- Preprints.org
- SciProfiles
- Encyclopedia
Article Menu
- Subscribe SciFeed
- Recommended Articles
- Google Scholar
- on Google Scholar
- Table of Contents
Find support for a specific problem in the support section of our website.
Please let us know what you think of our products and services.
Visit our dedicated information section to learn more about MDPI.
JSmol Viewer
The vulnerability relationship prediction research for network risk assessment.
1. Introduction
- We propose a two-layer knowledge representation learning model that incorporates entity attribute information during the knowledge representation learning process. The method improves the embedding accuracy of entity nodes, thereby enhancing the accuracy of predicting the impact relationship between vulnerable entities. We constructed a vulnerability knowledge graph containing approximately 100,000 entities and 400,000 relationships, and conducted experiments on this graph to demonstrate that the proposed model outperforms the baseline model.
- A vulnerability risk calculation model based on impact relationships is proposed, which enables risk assessment and ranking of vulnerabilities in network scenarios. This model introduces factors such as the importance of network devices and the impact relationship between vulnerabilities. We initialize the model by constructing a network device connectivity matrix, device vulnerability matrix, vulnerability relationship matrix, and setting relevant weight parameters. And experiments have shown that the vulnerability risk calculation model based on impact relationships proposed in this paper can more reasonably evaluate the actual risk of vulnerabilities in specific network scenarios.
- We propose a network risk model based on Bayesian attack graph to assess the risk of device nodes in the network. This model combines the impact relationship between vulnerabilities and quantifies the probability of vulnerability exploitation and the risk status of network devices. By inferring the likelihood of attackers successfully capturing devices in a given network topology, it provides defense strategy support for network security managers. Compared with other risk assessment methods, this model is more accurate and efficient in evaluating the risk of vulnerabilities being exploited and devices being compromised in the network.
2. Related Work
3. methodology and implementation, 3.1. vulnerability knowledge graph definition and construction, 3.2. dual-layer knowledge representation learning model.
Learning TransCatAttr |
Training set , entity set V and relation set R, vulnerability entity initial embeddings set l, vulnerability entity attribution embeddings set A, vulnerability relation attribution embeddings set , margin , structure embeddings dimension k, attribution embeddings dimension m. Knowledge graph embedding model ←I; ←A; ← ; ← ; ←I; ←A; ← ; ← ; ← ; ← ; |
3.3. Attack Graph for Relationship Prediction
3.4. experiment validation, 5. discussion.
- This paper proposes a two-layer knowledge representation learning model that introduces entity attribute information during the knowledge representation learning process, enabling more accurate embedding of entity nodes and thereby enhancing the prediction accuracy of influence relationships among vulnerability entities. Firstly, a knowledge graph of vulnerabilities in the cybersecurity domain is constructed, and the meanings of entities and relationships within the vulnerability knowledge graph are elaborated in detail. Multiple-attribute information of vulnerabilities is analyzed and summarized. Secondly, the proposed two-layer knowledge representation learning model is utilized to represent entities and relationships in vector form. Each vulnerability entity is divided into two parts for representation: one based on structure and the other on attribute information, to better depict the actual meaning of vulnerability entities. Finally, a vulnerability knowledge graph comprising 96,261 entities and 398,220 relationships is constructed, and experiments are conducted on this graph to predict the influence relationships among vulnerability entities. The results demonstrate that the proposed model outperforms the TransE model.
- A vulnerability risk calculation model oriented towards influence relationships is proposed, which realizes the risk assessment and ranking of vulnerabilities existing in network scenarios. This model incorporates factors such as the importance of network devices, the connectivity between devices, and the influence relationships among vulnerabilities. It initializes the model by constructing network device connectivity matrices, device vulnerability matrices, vulnerability relationship matrices, and setting relevant weight parameters. An iterative method is employed to calculate the risk scores and rankings of devices and vulnerabilities, enabling risk assessments of both. Experimental results demonstrate that the proposed vulnerability risk calculation model oriented towards influence relationships can more reasonably evaluate the actual risks of vulnerabilities in specific network scenarios.
- A network risk model based on Bayesian attack graphs (BAGs) is proposed, which enables risk assessment of device nodes in a network. Firstly, a BAG incorporating the influence relationships among vulnerabilities is defined to model the network environment. Secondly, for vulnerability nodes, the exploitation probability is quantified by considering the influence relationships among vulnerabilities. For network device nodes, the conditional probability is calculated based on the parent vulnerability nodes of the device condition nodes. The reachability probability of the device condition nodes is then derived using the joint conditional probability of the current node and its parent nodes, thereby inferring the likelihood of an attacker successfully compromising the device within a given network topology. This provides cybersecurity managers with insights for defense strategy support. Finally, compared to the original BAG method, the proposed model offers a more accurate assessment of the risks associated with the exploitation of vulnerabilities and the compromise of devices within the network.
6. Conclusions
Author contributions, data availability statement, acknowledgments, conflicts of interest, appendix a.1.
Attribution Type | Attribution Name | Attribution Meaning | Attribution Value |
---|---|---|---|
Base attributions of the vulnerability | CVE-ID | CVE number | For example CVE-2019-6551 |
Product At OS | The operating system where Influenced the product is located | Linux/Windows/Mac/ Android/iOS | |
Type | Vulnerability type | Sql Injection, XSS, Directory Traversal, DOS, Code Execution, Overflow, Memory Corruption, Bypass, Gain Privileges, CSRF, File Inclusion, Gain Information, Http Response Splitting | |
CWE-ID | CWE number | For example CWE-79 | |
Published Date | Vulnerability published date | For example 2021 October 21 | |
Last Modified | Vulnerability last modified date | For example 2021 November 23 | |
Condition attributions of vulnerability exploitation | Access Vector | Local/Adjacent Network/Remote Network/Physical | |
Authentication | Does vulnerability exploitation require authentication? | Multiple/Single/None | |
Access Complexity | Vulnerability exploitation complexity | High/Low | |
Privileges Required | Permissions required for vulnerability exploitation | High/Low/None | |
Read & Write | Read and write permissions required for vulnerability exploitation | Overall/None/Write Access/Read Access | |
User | Does the exploit | Require/None | |
User Interaction | Does the exploit require user interaction? | ||
Impact attributions of vulnerability exploitation | Access Application | Ability to access the system or application | Yes/No |
Gain Privilege | Gained privilege after vulnerability exploitation | Root/administrator/User/None | |
Execute System Command | Ability to execute system commands | Yes/(System/Root)/No |
Appendix A.2
Click here to enlarge figure
Appendix A.3
- National Vulnerability Database. Available online: https://nvd.nist.gov (accessed on 20 September 2022).
- Williams, M.A.; Dey, S.; Camacho Barranco, R.; Motahar Naim, S.; Hossain, M.S.; Akbar, M. Analyzing Evolving Trends of Vulnerabilities in National Vulnerability Database. In Proceedings of the 2018 IEEE International Conference on Big Data, Big Data 2018, Seattle, WA, USA, 10–13 December 2018; IEEE: Piscataway, NJ, USA, 2018; pp. 3011–3020. [ Google Scholar ]
- Wang, W.; Shi, F.; Zhang, M.; Xu, C.; Zheng, J. A Vulnerability Risk Assessment Method Based on Heterogeneous Information Network. IEEE Access 2020 , 8 , 148315–148330. [ Google Scholar ] [ CrossRef ]
- Cheng, P.; Wang, L.; Jajodia, S.; Singhal, A. Aggregating CVSS base scores for semantics-rich network security metrics. In Proceedings of the IEEE Symposium on Reliable Distributed Systems, Irvine, CA, USA, 8–11 October 2012; IEEE: Piscataway, NJ, USA, 2012; pp. 31–40. [ Google Scholar ]
- Monostori, L.; Kádár, B.; Bauernhansl, T.; Kondoh, S.; Kumara, S.; Reinhart, G.; Sauer, O.; Schuh, G.; Sihn, W.; Ueda, K. Cyber-physical systems in manufacturing. CIRP Ann. Manuf. Technol. 2016 , 65 , 621–641. [ Google Scholar ] [ CrossRef ]
- Sridhar, S.; Hahn, A.; Govindarasu, M. Cyber–physical system security for the electric power grid. Proc. IEEE 2012 , 100 , 210–224. [ Google Scholar ] [ CrossRef ]
- Liang, X.; Xiao, Y. Game theory for network security. IEEE Commun. Surv. Tutor 2013 , 15 , 472–486. [ Google Scholar ] [ CrossRef ]
- Jiang, W.; Zhan, J. A modified combination rule in generalized evidence theory. Appl. Intell. 2017 , 46 , 630–640. [ Google Scholar ] [ CrossRef ]
- Zheng, Z.; Sun, P. Application of RBF neural network in network security risk assessment. In Proceedings of the 2011 International Conference on Computer Science and Applications, Antwerp, Belgium, 26 March 2011; pp. 43–46. [ Google Scholar ]
- Liang, L.; Yang, J.; Liu, G.; Zhu, G.; Yang, Y. Novel method of assessing network security risks based on vulnerability correlation graph. In Proceedings of the 2012 IEEE 2nd International Conference on Computer Science and Network Technology (ICCSNT), Changchun, China, 29–31 December 2012; pp. 1085–1090. [ Google Scholar ]
- Sheyner, O.; Wing, J. Tools for Generating and Analyzing Attack Graphs ; Springer: Berlin/Heidelberg, Germany, 2003. [ Google Scholar ]
- Zhu, Y.; Du, Z. Research on the Key Technologies of Network Security-Oriented Situation Prediction. Sci. Program. 2021 , 2021 , 5527746. [ Google Scholar ] [ CrossRef ]
- Zhou, Y.Y. Risk assessment method for network attack surface based on Bayesian attack graph. Chin. J. Netw. Inf. Secur. 2018 , 4 , 11–22. [ Google Scholar ] [ CrossRef ]
- Huang, K.; Zhou, C.; Tian, Y.C.; Yang, S.; Qin, Y. Assessing the physical impact of cyberattacks on industrial cyber physical systems. IEEE Trans. Ind. Electron. 2018 , 65 , 8153–8162. [ Google Scholar ] [ CrossRef ]
- Wang, H.; Chen, Z.; Feng, X.; Di, X.; Liu, D.; Zhao, J.; Sui, X. Research on Network Security Situation Assessment and Quantification Method Based on Analytic Hierarchy Process. Wirel. Pers. Commun. 2018 , 102 , 1401–1420. [ Google Scholar ] [ CrossRef ]
- Kotenko, I.; Doynikova, E. Security assessment of computer networks based on attack graphs and security events. In Proceedings of the Information & Communication Technology-EurAsia Conference, Bali, Indonesia, 14–17 April 2014; pp. 462–471. [ Google Scholar ]
- Lallie, H.S.; Debattista, K.; Bal, J. A review of attack graph and attack tree visual syntax in cyber security. Comput. Sci. Rev. 2020 , 35 , 100219. [ Google Scholar ] [ CrossRef ]
- Wang, H.; Chen, Z.; Zhao, J.; Di, X.; Liu, D. A Vulnerability Assessment Method in Industrial Internet of Things Based on Attack Graph and Maximum Flow. IEEE Access 2018 , 6 , 8599–8609. [ Google Scholar ] [ CrossRef ]
- Lee, J.; Moon, D.; Kim, I.; Lee, Y. A semantic approach to improving machine readability of a large-scale attack graph. J. Supercomput. 2019 , 75 , 3028–3045. [ Google Scholar ] [ CrossRef ]
- Poolsappasit, N.; Dewri, R.; Ray, I. Dynamic security risk management using Bayesian attack graphs. IEEE Trans. Dependable Secur. Comput. 2012 , 9 , 61–74. [ Google Scholar ] [ CrossRef ]
- Munoz-Gonzalez, L.; Sgandurra, D.; Barrere, M.; Lupu, E.C. Exact Inference Techniques for the Analysis of Bayesian Attack Graphs. IEEE Trans. Dependable Secur. Comput. 2019 , 16 , 231–244. [ Google Scholar ] [ CrossRef ]
- Lu, J.; Su, P.; Yang, M.; He, L.; Zhang, Y.; Zhu, X.; Lin, H. Software and Cyber Security—A Survey. Ruan Jian Xue Bao/J. Softw. 2016 , 29 , 42–68. (In Chinese) [ Google Scholar ]
- Du, Y.; Lu, Y. A weakness relevance evaluation method based on pagerank. In Proceedings of the 2019 IEEE 4th International Conference on Data Science in Cyberspace, Hangzhou, China, 23–25 June 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 422–427. [ Google Scholar ]
- Han, Z.; Li, X.; Liu, H.; Xing, Z.; Feng, Z. DeepWeak: Reasoning common software weaknesses via knowledge graph embedding. In Proceedings of the 25th IEEE International Conference on Software Analysis, Evolution and Reengineering, Campobasso, Italy, 20–23 March 2018; IEEE: Piscataway, NJ, USA, 2018; pp. 456–466. [ Google Scholar ]
- Wang, Q.; Mao, Z.; Wang, B.; Guo, L. Knowledge graph embedding: A survey of approaches and applications. IEEE Trans. Knowl. Data Eng. 2017 , 29 , 2724–2743. [ Google Scholar ] [ CrossRef ]
- Bollacker, K.; Evans, C.; Paritosh, P.; Sturge, T.; Taylor, J. Freebase: A collaboratively created graph database for structuring human knowledge. In Proceedings of the ACM SIGMOD International Conference on Management of Data, Houston, TX, USA, 10–15 June 2008; pp. 1247–1249. [ Google Scholar ]
- Lehmann, J.; Isele, R.; Jakob, M.; Jentzsch, A.; Kontokostas, D.; Mendes, P.N.; Hellmann, S.; Morsey, M.; Van Kleef, P.; Auer, S.; et al. DBpedia—A large-scale, multilingual knowledge base extracted from Wikipedia. Semant. Web 2015 , 6 , 167–195. [ Google Scholar ] [ CrossRef ]
- Fabian, M.; Gjergji, K.; Gerhard, W. Yago: A Core of Semantic Knowledge Unifying WordNet and Wikipedia. In Proceedings of the 16th International World Wide Web Conference, Banff, AL, Canada, 8–12 May 2007. [ Google Scholar ]
- Carlson, A.; Betteridge, J.; Kisiel, B.; Settles, B.; Hruschka, E.R.; Mitchell, T.M. Toward an architecture for never-ending language learning. In Proceedings of the National Conference on Artificial Intelligence, Atlanta, GA, USA, 11–15 July 2010; pp. 1306–1313. [ Google Scholar ]
- Ji, S.; Pan, S.; Cambria, E.; Marttinen, P.; Yu, P.S. A Survey on Knowledge Graphs: Representation, Acquisition, and Applications. IEEE Trans. Neural Netw. Learn. Syst. 2022 , 33 , 494–514. [ Google Scholar ] [ CrossRef ]
- Li, Z.; Liu, H.; Zhang, Z.; Liu, T.; Xiong, N.N. Learning Knowledge Graph Embedding with Heterogeneous Relation Attention Networks. IEEE Trans. Neural Netw. Learn. Syst. 2022 , 33 , 3961–3973. [ Google Scholar ] [ CrossRef ]
- Du, H.; Wang, Z.; Nie, H.; Yao, Q.; Li, X. Multi-scale dilated convolutional network for knowledge graph embedding. Sci. China Inf. 2022 , 52 , 1204–1220. [ Google Scholar ]
- Chen, Z.; Wang, Y.; Zhao, B.; Cheng, J.; Zhao, X.; Duan, Z. Knowledge graph completion: A review. IEEE Access 2020 , 8 , 192435–192456. [ Google Scholar ] [ CrossRef ]
- Shen, Y.; Ding, N.; Zheng, H.T.; Li, Y.; Yang, M. Modeling Relation Paths for Knowledge Graph Completion. IEEE Trans. Knowl. Data Eng. 2021 , 33 , 3607–3617. [ Google Scholar ] [ CrossRef ]
- Bayrak, B.; Choupani, R.; Dogdu, E. Link Prediction in Knowledge Graphs with Numeric Triples Using Clustering. In Proceedings of the 2020 IEEE International Conference on Big Data, Big Data 2020, Virtual, 10–13 December 2020; pp. 4492–4498. [ Google Scholar ]
- Zhao, F.; Xu, T.; Jin, L.; Jin, H. Convolutional Network Embedding of Text-Enhanced Representation for Knowledge Graph Completion. IEEE Internet Things J. 2021 , 8 , 16758–16769. [ Google Scholar ] [ CrossRef ]
- Hong, W.; Li, S.; Hu, Z.; Rasool, A.; Jiang, Q.; Weng, Y. Improving Relation Extraction by Knowledge Representation Learning. In Proceedings of the International Conference on Tools with Artificial Intelligence, ICTAI 2021-November, Virtual, 1–3 November 2021; pp. 1211–1215. [ Google Scholar ]
- Bordes, A.; Usunier, N.; Garcia-Durán, A.; Weston, J.; Yakhnenko, O. Translating embeddings for modeling multi-relational data. Adv. Neural Inf. Process. Syst. 2013 , 26 , 1–9. [ Google Scholar ]
- Berant, J.; Chou, A.; Frostig, R.; Liang, P. Semantic parsing on freebase from question-answer pairs. In Proceedings of the 2013 Conference on Empirical Methods in Natural Language Processing (EMNLP 2013), Seattle, WA, USA, 18–21 October 2013; pp. 1533–1544. [ Google Scholar ]
- Lin, Y.; Liu, Z.; Sun, M.; Liu, Y.; Zhu, X. Learning Entity and Relation Embeddings for Knowledge Graph Completion. In Proceedings of the 29th AAAI Conference on Artificial Intelligence, Austin, TX, USA, 25–30 January 2015; pp. 2181–2187. [ Google Scholar ]
- Ji, G.; He, S.; Xu, L.; Liu, K.; Zhao, J. Knowledge graph embedding via dynamic mapping matrix. In Proceedings of the ACL-IJCNLP 2015—53rd Annual Meeting of the Association for Computational Linguistics and the 7th International Joint Conference on Natural Language Processing of the Asian Federation of Natural Language Processing, Beijing, China, 26–31 July 2015; pp. 687–696. [ Google Scholar ]
- Yang, R.; Wei, Z.; Fan, Y.; Zhao, J. A Few-Shot Inductive Link Prediction Model in Knowledge Graphs. IEEE Access 2022 , 10 , 97370–97380. [ Google Scholar ] [ CrossRef ]
- Wang, X.; He, X.; Cao, Y.; Liu, M.; Chua, T. KGAT: Knowledge Graph Attention Network for Recommendation. In Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining, Anchorage, AK, USA, 4–8 August 2019. [ Google Scholar ]
- CVSS. Available online: https://www.first.org/cvss/ (accessed on 1 November 2023).
Indicator Name | Indicator Values |
---|---|
PR | None/Low/High |
AV | Network/Adjacent/Local/Physical |
AC | Low/High |
UI | None/Required |
Symbol | Means |
---|---|
S | The device node for attack status from start to end. |
E | Dependencies between S during the attack occurrence. |
Vul | Vulnerability assemble for attack. |
R | The relationship between multiple precursor nodes and the successor nodes is represented as . |
Inf | Impact relationships between vulnerabilities mentioned in . |
Pro | Attack the accessibility probability of the S in the graph. |
Entity Node Type/Relationship Type | Quantity (Pcs/Strip) |
---|---|
Vulnerability | 55,874 |
Product | 33,249 |
Vendor | 7138 |
Influence | 168,406 |
AffiliatedWith | 33,368 |
IncreasePermissions | 98,254 |
IncreaseAccessVector | 20,101 |
DecreaseComplexity | 78,091 |
Parameters | Value | Meaning |
---|---|---|
embedding_dim | 111 | Embedding dimension |
0.01 | Learning rate | |
margin | 4.0 | Loss function margin |
norm | 1 | L1-norm or L2-norm |
c | 0.25 | Threshold value |
epochs | 500 | Model training iteration times |
batch_size | 9600 | Batch size |
Model | Entity MR | Entity Hits@10 | Relationship MR | Relationship Hits@1 |
---|---|---|---|---|
TransE | 19.92% | 904.55 | 90.98% | 2 |
TransCatAttr | 28.89% | 760.6 | 99.19% | 1.4 |
S | S | P(S |S ) | P(S |S ) | ||
---|---|---|---|---|---|
True | False | True | False | ||
True | True | 0.22 | 0.78 | 0.28 | 0.72 |
True | False | 0.22 | 0.78 | 0 | 1 |
False | True | 0 | 0 | 0.28 | 0.72 |
False | False | 0 | 0 | 0 | 1 |
The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
Share and Cite
Jiao, J.; Li, W.; Guo, D. The Vulnerability Relationship Prediction Research for Network Risk Assessment. Electronics 2024 , 13 , 3350. https://doi.org/10.3390/electronics13173350
Jiao J, Li W, Guo D. The Vulnerability Relationship Prediction Research for Network Risk Assessment. Electronics . 2024; 13(17):3350. https://doi.org/10.3390/electronics13173350
Jiao, Jian, Wenhao Li, and Dongchao Guo. 2024. "The Vulnerability Relationship Prediction Research for Network Risk Assessment" Electronics 13, no. 17: 3350. https://doi.org/10.3390/electronics13173350
Article Metrics
Article access statistics, further information, mdpi initiatives, follow mdpi.
Subscribe to receive issue release notifications and newsletters from MDPI journals
This is a potential security issue, you are being redirected to https://csrc.nist.gov .
You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.
An official website of the United States government
Here’s how you know
Official websites use .gov A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS A lock ( Lock Locked padlock icon ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Applying 5G Cybersecurity and Privacy Capabilities | New White Paper Series August 15, 2024
5G technology for broadband cellular networks will significantly improve how humans and machines communicate, operate, and interact in the physical and virtual world. 5G provides increased bandwidth and capacity, and low latency. However, professionals in fields like technology, cybersecurity, and privacy are faced with safeguarding this technology while its development, deployment, and usage are still evolving.
To help, the NIST National Cybersecurity Center of Excellence (NCCoE) has launched the Applying 5G Cybersecurity and Privacy Capabilities white paper series. The series targets technology, cybersecurity, and privacy program managers within commercial mobile network operators, potential private 5G network operators, and organizations using and managing 5G-enabled technology who are concerned with how to identify, understand, assess, and mitigate risk for 5G networks. In the series we provide recommended practices and illustrate how to implement them. All of the capabilities featured in the white papers have been implemented in the NCCoE testbed on commercial-grade 5G equipment.
We are pleased to announce the release of the first two papers in this series:
- Applying 5G Cybersecurity and Privacy Capabilities: Introduction to the White Paper Series explains what you can expect from each part of the series: information, guidance, recommended practices, and research findings for a specific technical cybersecurity or privacy-supporting capability available in 5G systems or their supporting infrastructures.
- Protecting Subscriber Identifiers with Subscription Concealed Identifier (SUCI) describes enabling SUCI protection, an optional capability new in 5G which provides important security and privacy protections for subscribers. 5G network operators are encouraged to enable SUCI on their 5G networks and subscriber SIMs and to configure SUCI to use a non-null encryption cipher scheme; this provides their customers with the advantages of SUCI’s protections.
You are invited to review the drafts and submit comments by September 16, 2024 . See the 5G Cybersecurity Project for more details.
Related Topics
Security and Privacy: general security & privacy
Technologies: mobile
Applications: communications & wireless
Sectors: telecommunications
- Presentations
- Advanced Photonics
- Advanced Photonics Nexus
- Biophotonics Discovery
- Journal of Applied Remote Sensing
- Journal of Astronomical Telescopes, Instruments, and Systems
- Journal of Biomedical Optics
- Journal of Electronic Imaging
- Journal of Medical Imaging
- Journal of Micro/Nanopatterning, Materials, and Metrology
- Journal of Nanophotonics
- Journal of Optical Microsystems
- Journal of Photonics for Energy
- Neurophotonics
- Optical Engineering
- Photonics Insights
- FIGURES & TABLES
- DOWNLOAD PAPER SAVE TO MY LIBRARY
Show All Keywords
Keywords/phrases, publication years.
- Publications
- News and Events
- Education and Outreach
Software Engineering Institute
Sei digital library, latest publications, embracing ai: unlocking scalability and transformation through generative text, imagery, and synthetic audio, august 28, 2024 • webcast, by tyler brooks , shannon gallagher , dominic a. ross.
In this webcast, Tyler Brooks, Shannon Gallagher, and Dominic Ross aim to demystify AI and illustrate its transformative power in achieving scalability, adapting to changing landscapes, and driving digital innovation.
Counter AI: What Is It and What Can You Do About It?
August 27, 2024 • white paper, by nathan m. vanhoudnos , carol j. smith , matt churilla , shing-hon lau , lauren mcilvenny , greg touhill.
This paper describes counter artificial intelligence (AI) and provides recommendations on what can be done about it.
Using Quality Attribute Scenarios for ML Model Test Case Generation
August 27, 2024 • conference paper, by rachel brower-sinning , grace lewis , sebastián echeverría , ipek ozkaya.
This paper presents an approach based on quality attribute (QA) scenarios to elicit and define system- and model-relevant test cases for ML models.
3 API Security Risks (and How to Protect Against Them)
August 27, 2024 • podcast, by mckinley sconiers-hasan.
McKinley Sconiers-Hasan discusses three API risks and how to address them through the lens of zero trust.
Lessons Learned in Coordinated Disclosure for Artificial Intelligence and Machine Learning Systems
August 20, 2024 • white paper, by allen d. householder , vijay s. sarvepalli , jeff havrilla , matt churilla , lena pons , shing-hon lau , nathan m. vanhoudnos , andrew kompanek , lauren mcilvenny.
In this paper, the authors describe lessons learned from coordinating AI and ML vulnerabilities at the SEI's CERT/CC.
On the Design, Development, and Testing of Modern APIs
July 30, 2024 • white paper, by alejandro gomez , alex vesey.
This white paper discusses the design, desired qualities, development, testing, support, and security of modern application programming interfaces (APIs).
Evaluating Large Language Models for Cybersecurity Tasks: Challenges and Best Practices
July 26, 2024 • podcast, by jeff gennari , samuel j. perl.
Jeff Gennari and Sam Perl discuss applications for LLMs in cybersecurity, potential challenges, and recommendations for evaluating LLMs.
Capability-based Planning for Early-Stage Software Development
July 24, 2024 • podcast, by anandi hira , bill nichols.
This SEI podcast introduces capability-based planning (CBP) and its use and application in software acquisition.
A Model Problem for Assurance Research: An Autonomous Humanitarian Mission Scenario
July 23, 2024 • technical note, by gabriel moreno , anton hristozov , john e. robert , mark h. klein.
This report describes a model problem to support research in large-scale assurance.
Safeguarding Against Recent Vulnerabilities Related to Rust
June 28, 2024 • podcast, by david svoboda.
David Svoboda discusses two vulnerabilities related to Rust, their sources, and how to mitigate them.
NIST Wants Feedback on 5G Cybersecurity White Paper Series
The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) is looking for feedback on its new whitepaper series focused on safeguarding 5G wireless technology.
The Applying 5G Cybersecurity and Privacy Capabilities white paper series offers best practices and how to implement them. NIST said all of the capabilities featured in the white papers have been implemented in the NCCoE testbed on commercial-grade 5G equipment.
“The series targets technology, cybersecurity, and privacy program managers within commercial mobile network operators, potential private 5G network operators, and organizations using and managing 5G-enabled technology who are concerned with how to identify, understand, assess, and mitigate risk for 5G networks,” the NCCoE said in an Aug. 15 press release .
The release explains that 5G technology will provide a range of benefits, including increased bandwidth and capacity, as well as faster speeds. However, the NCCoE noted that tech professionals “are faced with safeguarding this technology while its development, deployment, and usage are still evolving.”
The white papers aim to help these stakeholders better navigate 5G cybersecurity. Last week, the NCCoE announced the first white paper , which simply serves as an introduction to the series and explains what to expect.
Simultaneously, the NCCoE also published the first technical white paper , which describes enabling Subscription Concealed Identifier (SUCI) protection. According to NIST, SUCI is “an optional 5G capability which provides important security and privacy protections for subscriber identifiers.”
NIST is looking for comments on the white paper series by Sept. 16. The agency also invites stakeholders to join the 5G Community of Interest to be notified when it releases a paper.
- CISA’s China Specialist Andrew Scott Steps Down
- CISA Launches Improved Cyber Incident Reporting Platform
- Barry Tanner Named Navy Deputy CIO
Privacy Overview
Cookie | Duration | Description |
---|---|---|
AWSALBCORS | 7 days | Amazon Web Services set this cookie for load balancing. |
cookielawinfo-checkbox-advertisement | 1 year | Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category. |
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
CookieLawInfoConsent | 1 year | CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie. |
JSESSIONID | session | New Relic uses this cookie to store a session identifier so that New Relic can monitor session counts for an application. |
PHPSESSID | session | This cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed. |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
_pxhd | 1 year | PerimeterX sets this cookie for server-side bot detection, which helps identify malicious bots on the site. |
Cookie | Duration | Description |
---|---|---|
lidc | 1 day | LinkedIn sets the lidc cookie to facilitate data center selection. |
li_gc | 5 months 27 days | Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes. |
UserMatchHistory | 1 month | LinkedIn sets this cookie for LinkedIn Ads ID syncing. |
__cf_bm | 30 minutes | Cloudflare set the cookie to support Cloudflare Bot Management. |
Cookie | Duration | Description |
---|---|---|
AWSALB | 7 days | AWSALB is an application load balancer cookie set by Amazon Web Services to map the session to the target. |
_gat | 1 minute | Google Universal Analytics sets this cookie to restrain request rate and thus limit data collection on high-traffic sites. |
Cookie | Duration | Description |
---|---|---|
AnalyticsSyncHistory | 1 month | Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie. |
CONSENT | 2 years | YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data. |
ln_or | 1 day | Linkedin sets this cookie to registers statistical data on users' behaviour on the website for internal analytics. |
pardot | past | The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking. |
UID | 1 year 1 month 4 days | Scorecard Research sets this cookie for browser behaviour research. |
vuid | 1 year 1 month 4 days | Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos on the website. |
_ga | 1 year 1 month 4 days | Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors. |
_ga_* | 1 year 1 month 4 days | Google Analytics sets this cookie to store and count page views. |
_gcl_au | 3 months | Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services. |
_gid | 1 day | Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously. |
__gads | 1 year 24 days | Google sets this cookie under the DoubleClick domain, tracks the number of times users see an advert, measures the campaign's success, and calculates its revenue. This cookie can only be read from the domain they are currently on and will not track any data while they are browsing other sites. |
Cookie | Duration | Description |
---|---|---|
anj | 3 months | AppNexus sets the anj cookie that contains data stating whether a cookie ID is synced with partners. |
bcookie | 1 year | LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs. |
bscookie | 1 year | LinkedIn sets this cookie to store performed actions on the website. |
GoogleAdServingTest | session | Google sets this cookie to determine what ads have been shown to the website visitor. |
IDE | 1 year 24 days | Google DoubleClick IDE cookies store information about how the user uses the website to present them with relevant ads according to the user profile. |
li_sugr | 3 months | LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant. |
muc_ads | 1 year 1 month 4 days | Twitter sets this cookie to collect user behaviour and interaction data to optimize the website. |
personalization_id | 1 year 1 month 4 days | Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting. |
test_cookie | 15 minutes | doubleclick.net sets this cookie to determine if the user's browser supports cookies. |
uuid2 | 3 months | The uuid2 cookie is set by AppNexus and records information that helps differentiate between devices and browsers. This information is used to pick out ads delivered by the platform and assess the ad performance and its attribute payment. |
VISITOR_INFO1_LIVE | 5 months 27 days | YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface. |
YSC | session | Youtube sets this cookie to track the views of embedded videos on Youtube pages. |
yt-remote-connected-devices | never | YouTube sets this cookie to store the user's video preferences using embedded YouTube videos. |
yt-remote-device-id | never | YouTube sets this cookie to store the user's video preferences using embedded YouTube videos. |
yt.innertube::nextId | never | YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen. |
yt.innertube::requests | never | YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen. |
_mkto_trk | 1 year 1 month 4 days | This cookie, provided by Marketo, has information (such as a unique user ID) that is used to track the user's site usage. The cookies set by Marketo are readable only by Marketo. |
__gpi | 1 year 24 days | Google Ads Service uses this cookie to collect information about from multiple websites for retargeting ads. |
Cookie | Duration | Description |
---|---|---|
AB | 1 year | Description is currently not available. |
ays_popup_cookie_1 | less than a minute | Description is currently not available. |
FTR_Cache_Status | session | Description is currently not available. |
FTR_Country_Code | session | No description available. |
isEU | session | No description available. |
jallery_uid | 1 year 1 month 4 days | Description is currently not available. |
loglevel | never | No description available. |
visitor-id | 1 year | No description available. |
_bit | 5 months 27 days | No description available. |
105 Latest Cyber Security Research Topics in 2024
Home Blog Security 105 Latest Cyber Security Research Topics in 2024
The concept of cybersecurity refers to cracking the security mechanisms that break in dynamic environments. Implementing Cyber Security Project topics and cybersecurity thesis topics helps overcome attacks and take mitigation approaches to security risks and threats in real-time. Undoubtedly, it focuses on events injected into the system, data, and the whole network to attack/disturb it.
The network can be attacked in various ways, including Distributed DoS, Knowledge Disruptions, Computer Viruses / Worms, and many more. Cyber-attacks are still rising, and more are waiting to harm their targeted systems and networks. Detecting Intrusions in cybersecurity has become challenging due to their Intelligence Performance. Therefore, it may negatively affect data integrity, privacy, availability, and security.
This article aims to demonstrate the most current Cyber Security Research Topics for Projects and areas of research currently lacking. We will talk about cyber security research questions, cyber security topics for the project, latest research titles about cyber security.
List of Trending Cyber Security Research Topics in 2024
Digital technology has revolutionized how all businesses, large or small, work, and even governments manage their day-to-day activities, requiring organizations, corporations, and government agencies to utilize computerized systems. To protect data against online attacks or unauthorized access, cybersecurity is a priority. There are many Cyber Security Courses online where you can learn about these topics. With the rapid development of technology comes an equally rapid shift in Cyber Security Research Topics and cybersecurity trends, as data breaches, ransomware, and hacks become almost routine news items. In 2024, these will be the top cybersecurity trends .
A. Exciting Mobile Cyber Security Research Paper Topics
- The significance of continuous user authentication on mobile gadgets.
- The efficacy of different mobile security approaches.
- Detecting mobile phone hacking.
- Assessing the threat of using portable devices to access banking services.
- Cybersecurity and mobile applications.
- The vulnerabilities in wireless mobile data exchange.
- The rise of mobile malware.
- The evolution of Android malware.
- How to know you’ve been hacked on mobile.
- The impact of mobile gadgets on cybersecurity.
B. Top Computer and Software Security Topics to Research
- Learn algorithms for data encryption
- Concept of risk management security
- How to develop the best Internet security software
- What are Encrypting Viruses- How does it work?
- How does a Ransomware attack work?
- Scanning of malware on your PC
- Infiltrating a Mac OS X operating system
- What are the effects of RSA on network security ?
- How do encrypting viruses work?
- DDoS attacks on IoT devices
C. Trending Information Security Research Topics
- Why should people avoid sharing their details on Facebook?
- What is the importance of unified user profiles?
- Discuss Cookies and Privacy
- White hat and black hat hackers
- What are the most secure methods for ensuring data integrity?
- Talk about the implications of Wi-Fi hacking apps on mobile phones
- Analyze the data breaches in 2024
- Discuss digital piracy in 2024
- critical cyber-attack concepts
- Social engineering and its importance
D. Current Network Security Research Topics
- Data storage centralization
- Identify Malicious activity on a computer system.
- Firewall
- Importance of keeping updated Software
- wireless sensor network
- What are the effects of ad-hoc networks
- How can a company network be safe?
- What are Network segmentation and its applications?
- Discuss Data Loss Prevention systems
- Discuss various methods for establishing secure algorithms in a network.
- Talk about two-factor authentication
E. Best Data Security Research Topics
- Importance of backup and recovery
- Benefits of logging for applications
- Understand physical data security
- Importance of Cloud Security
- In computing, the relationship between privacy and data security
- Talk about data leaks in mobile apps
- Discuss the effects of a black hole on a network system.
F. Important Application Security Research Topics
- Detect Malicious Activity on Google Play Apps
- Dangers of XSS attacks on apps
- Discuss SQL injection attacks.
- Insecure Deserialization Effect
- Check Security protocols
G. Cybersecurity Law & Ethics Research Topics
- Strict cybersecurity laws in China
- Importance of the Cybersecurity Information Sharing Act.
- USA, UK, and other countries' cybersecurity laws
- Discuss The Pipeline Security Act in the United States
H. Recent Cyberbullying Topics
- Protecting your Online Identity and Reputation
- Online Safety
- Sexual Harassment and Sexual Bullying
- Dealing with Bullying
- Stress Center for Teens
I. Operational Security Topics
- Identify sensitive data
- Identify possible threats
- Analyze security threats and vulnerabilities
- Appraise the threat level and vulnerability risk
- Devise a plan to mitigate the threats
J. Cybercrime Topics for a Research Paper
- Crime Prevention.
- Criminal Specialization.
- Drug Courts.
- Criminal Courts.
- Criminal Justice Ethics.
- Capital Punishment.
- Community Corrections.
- Criminal Law.
Cyber Security Future Research Topics
- Developing more effective methods for detecting and responding to cyber attacks
- Investigating the role of social media in cyber security
- Examining the impact of cloud computing on cyber security
- Investigating the security implications of the Internet of Things
- Studying the effectiveness of current cyber security measures
- Identifying new cyber security threats and vulnerabilities
- Developing more effective cyber security policies
- Examining the ethical implications of cyber security
Cyber Security Topics For Research Paper
- Cyber security threats and vulnerabilities
- Cyber security incident response and management
- Cyber security risk management
- Cyber security awareness and training
- Cyber security controls and countermeasures
- Cyber security governance
- Cyber security standards
- Cyber security insurance
Top 5 Current Research Topics in Cybersecurity
Below are the latest 5 cybersecurity research topics. They are:
- Artificial Intelligence
- Digital Supply Chains
- Internet of Things
- State-Sponsored Attacks
- Working From Home
Research Area in Cyber Security
The field of cyber security is extensive and constantly evolving. Its research covers a wide range of subjects, including:
- Quantum & Space
- Data Privacy
- Criminology & Law
- AI & IoT Security
- RFID Security
- Authorization Infrastructure
- Digital Forensics
- Autonomous Security
- Social Influence on Social Networks
How to Choose the Best Research Topics in Cyber Security?
A good cybersecurity assignment heading is a skill that not everyone has, and unfortunately, not everyone has one. You might have your teacher provide you with the topics, or you might be asked to come up with your own. If you want more cyber security research topics, you can take references from Certified Ethical Hacker Certification, where you will get more hints on new topics. If you don't know where to start, here are some tips. Follow them to create compelling cybersecurity assignment topics.
1. Brainstorm
In order to select the most appropriate heading for your cybersecurity assignment, you first need to brainstorm ideas. What specific matter do you wish to explore? In this case, come up with relevant topics about the subject and select those relevant to your issue when you use our list of topics. You can also go to cyber security-oriented websites to get some ideas. Using any blog post on the internet can prove helpful if you intend to write a research paper on security threats in 2024. Creating a brainstorming list with all the keywords and cybersecurity concepts you wish to discuss is another great way to start. Once that's done, pick the topics you feel most comfortable handling. Keep in mind to stay away from common topics as much as possible.
2. Understanding the Background
In order to write a cybersecurity assignment, you need to identify two or three research paper topics. Obtain the necessary resources and review them to gain background information on your heading. This will also allow you to learn new terminologies that can be used in your title to enhance it.
3. Write a Single Topic
Make sure the subject of your cybersecurity research paper doesn't fall into either extreme. Make sure the title is neither too narrow nor too broad. Topics on either extreme will be challenging to research and write about.
4. Be Flexible
There is no rule to say that the title you choose is permanent. It is perfectly okay to change your research paper topic along the way. For example, if you find another topic on this list to better suit your research paper, consider swapping it out.
The Layout of Cybersecurity Research Guidance
It is undeniable that usability is one of cybersecurity's most important social issues today. Increasingly, security features have become standard components of our digital environment, which pervade our lives and require both novices and experts to use them. Supported by confidentiality, integrity, and availability concerns, security features have become essential components of our digital environment.
In order to make security features easily accessible to a wider population, these functions need to be highly usable. This is especially true in this context because poor usability typically translates into the inadequate application of cybersecurity tools and functionality, resulting in their limited effectiveness.
Cyber Security Research Topic Writing Tips from Expert
Additionally, a well-planned action plan and a set of useful tools are essential for delving into Cyber Security research topics. Not only do these topics present a vast realm of knowledge and potential innovation, but they also have paramount importance in today's digital age. Addressing the challenges and nuances of these research areas will contribute significantly to the global cybersecurity landscape, ensuring safer digital environments for all. It's crucial to approach these topics with diligence and an open mind to uncover groundbreaking insights.
- Before you begin writing your research paper, make sure you understand the assignment.
- Your Research Paper Should Have an Engaging Topic
- Find reputable sources by doing a little research
- Precisely state your thesis on cybersecurity
- A rough outline should be developed
- Finish your paper by writing a draft
- Make sure that your bibliography is formatted correctly and cites your sources.
Discover the Power of ITIL 4 Foundation - Unleash the Potential of Your Business with this Cost-Effective Solution. Boost Efficiency, Streamline Processes, and Stay Ahead of the Competition. Learn More!
Studies in the literature have identified and recommended guidelines and recommendations for addressing security usability problems to provide highly usable security. The purpose of such papers is to consolidate existing design guidelines and define an initial core list that can be used for future reference in the field of Cyber Security Research Topics.
The researcher takes advantage of the opportunity to provide an up-to-date analysis of cybersecurity usability issues and evaluation techniques applied so far. As a result of this research paper, researchers and practitioners interested in cybersecurity systems who value human and social design elements are likely to find it useful. You can find KnowledgeHut’s Cyber Security courses online and take maximum advantage of them.
Frequently Asked Questions (FAQs)
Businesses and individuals are changing how they handle cybersecurity as technology changes rapidly - from cloud-based services to new IoT devices.
Ideally, you should have read many papers and know their structure, what information they contain, and so on if you want to write something of interest to others.
Inmates having the right to work, transportation of concealed weapons, rape and violence in prison, verdicts on plea agreements, rehab versus reform, and how reliable are eyewitnesses?
The field of cyber security is extensive and constantly evolving. Its research covers various subjects, including Quantum & Space, Data Privacy, Criminology & Law, and AI & IoT Security.
Mrinal Prakash
I am a B.Tech Student who blogs about various topics on cyber security and is specialized in web application security
Avail your free 1:1 mentorship session.
Something went wrong
Upcoming Cyber Security Batches & Dates
Name | Date | Fee | Know more |
---|
Samantha Putterman, PolitiFact Samantha Putterman, PolitiFact
Leave your feedback
- Copy URL https://www.pbs.org/newshour/politics/fact-checking-warnings-from-democrats-about-project-2025-and-donald-trump
Fact-checking warnings from Democrats about Project 2025 and Donald Trump
This fact check originally appeared on PolitiFact .
Project 2025 has a starring role in this week’s Democratic National Convention.
And it was front and center on Night 1.
WATCH: Hauling large copy of Project 2025, Michigan state Sen. McMorrow speaks at 2024 DNC
“This is Project 2025,” Michigan state Sen. Mallory McMorrow, D-Royal Oak, said as she laid a hardbound copy of the 900-page document on the lectern. “Over the next four nights, you are going to hear a lot about what is in this 900-page document. Why? Because this is the Republican blueprint for a second Trump term.”
Vice President Kamala Harris, the Democratic presidential nominee, has warned Americans about “Trump’s Project 2025” agenda — even though former President Donald Trump doesn’t claim the conservative presidential transition document.
“Donald Trump wants to take our country backward,” Harris said July 23 in Milwaukee. “He and his extreme Project 2025 agenda will weaken the middle class. Like, we know we got to take this seriously, and can you believe they put that thing in writing?”
Minnesota Gov. Tim Walz, Harris’ running mate, has joined in on the talking point.
“Don’t believe (Trump) when he’s playing dumb about this Project 2025. He knows exactly what it’ll do,” Walz said Aug. 9 in Glendale, Arizona.
Trump’s campaign has worked to build distance from the project, which the Heritage Foundation, a conservative think tank, led with contributions from dozens of conservative groups.
Much of the plan calls for extensive executive-branch overhauls and draws on both long-standing conservative principles, such as tax cuts, and more recent culture war issues. It lays out recommendations for disbanding the Commerce and Education departments, eliminating certain climate protections and consolidating more power to the president.
Project 2025 offers a sweeping vision for a Republican-led executive branch, and some of its policies mirror Trump’s 2024 agenda, But Harris and her presidential campaign have at times gone too far in describing what the project calls for and how closely the plans overlap with Trump’s campaign.
PolitiFact researched Harris’ warnings about how the plan would affect reproductive rights, federal entitlement programs and education, just as we did for President Joe Biden’s Project 2025 rhetoric. Here’s what the project does and doesn’t call for, and how it squares with Trump’s positions.
Are Trump and Project 2025 connected?
To distance himself from Project 2025 amid the Democratic attacks, Trump wrote on Truth Social that he “knows nothing” about it and has “no idea” who is in charge of it. (CNN identified at least 140 former advisers from the Trump administration who have been involved.)
The Heritage Foundation sought contributions from more than 100 conservative organizations for its policy vision for the next Republican presidency, which was published in 2023.
Project 2025 is now winding down some of its policy operations, and director Paul Dans, a former Trump administration official, is stepping down, The Washington Post reported July 30. Trump campaign managers Susie Wiles and Chris LaCivita denounced the document.
WATCH: A look at the Project 2025 plan to reshape government and Trump’s links to its authors
However, Project 2025 contributors include a number of high-ranking officials from Trump’s first administration, including former White House adviser Peter Navarro and former Housing and Urban Development Secretary Ben Carson.
A recently released recording of Russell Vought, a Project 2025 author and the former director of Trump’s Office of Management and Budget, showed Vought saying Trump’s “very supportive of what we do.” He said Trump was only distancing himself because Democrats were making a bogeyman out of the document.
Project 2025 wouldn’t ban abortion outright, but would curtail access
The Harris campaign shared a graphic on X that claimed “Trump’s Project 2025 plan for workers” would “go after birth control and ban abortion nationwide.”
The plan doesn’t call to ban abortion nationwide, though its recommendations could curtail some contraceptives and limit abortion access.
What’s known about Trump’s abortion agenda neither lines up with Harris’ description nor Project 2025’s wish list.
Project 2025 says the Department of Health and Human Services Department should “return to being known as the Department of Life by explicitly rejecting the notion that abortion is health care.”
It recommends that the Food and Drug Administration reverse its 2000 approval of mifepristone, the first pill taken in a two-drug regimen for a medication abortion. Medication is the most common form of abortion in the U.S. — accounting for around 63 percent in 2023.
If mifepristone were to remain approved, Project 2025 recommends new rules, such as cutting its use from 10 weeks into pregnancy to seven. It would have to be provided to patients in person — part of the group’s efforts to limit access to the drug by mail. In June, the U.S. Supreme Court rejected a legal challenge to mifepristone’s FDA approval over procedural grounds.
WATCH: Trump’s plans for health care and reproductive rights if he returns to White House The manual also calls for the Justice Department to enforce the 1873 Comstock Act on mifepristone, which bans the mailing of “obscene” materials. Abortion access supporters fear that a strict interpretation of the law could go further to ban mailing the materials used in procedural abortions, such as surgical instruments and equipment.
The plan proposes withholding federal money from states that don’t report to the Centers for Disease Control and Prevention how many abortions take place within their borders. The plan also would prohibit abortion providers, such as Planned Parenthood, from receiving Medicaid funds. It also calls for the Department of Health and Human Services to ensure that the training of medical professionals, including doctors and nurses, omits abortion training.
The document says some forms of emergency contraception — particularly Ella, a pill that can be taken within five days of unprotected sex to prevent pregnancy — should be excluded from no-cost coverage. The Affordable Care Act requires most private health insurers to cover recommended preventive services, which involves a range of birth control methods, including emergency contraception.
Trump has recently said states should decide abortion regulations and that he wouldn’t block access to contraceptives. Trump said during his June 27 debate with Biden that he wouldn’t ban mifepristone after the Supreme Court “approved” it. But the court rejected the lawsuit based on standing, not the case’s merits. He has not weighed in on the Comstock Act or said whether he supports it being used to block abortion medication, or other kinds of abortions.
Project 2025 doesn’t call for cutting Social Security, but proposes some changes to Medicare
“When you read (Project 2025),” Harris told a crowd July 23 in Wisconsin, “you will see, Donald Trump intends to cut Social Security and Medicare.”
The Project 2025 document does not call for Social Security cuts. None of its 10 references to Social Security addresses plans for cutting the program.
Harris also misleads about Trump’s Social Security views.
In his earlier campaigns and before he was a politician, Trump said about a half-dozen times that he’s open to major overhauls of Social Security, including cuts and privatization. More recently, in a March 2024 CNBC interview, Trump said of entitlement programs such as Social Security, “There’s a lot you can do in terms of entitlements, in terms of cutting.” However, he quickly walked that statement back, and his CNBC comment stands at odds with essentially everything else Trump has said during the 2024 presidential campaign.
Trump’s campaign website says that not “a single penny” should be cut from Social Security. We rated Harris’ claim that Trump intends to cut Social Security Mostly False.
Project 2025 does propose changes to Medicare, including making Medicare Advantage, the private insurance offering in Medicare, the “default” enrollment option. Unlike Original Medicare, Medicare Advantage plans have provider networks and can also require prior authorization, meaning that the plan can approve or deny certain services. Original Medicare plans don’t have prior authorization requirements.
The manual also calls for repealing health policies enacted under Biden, such as the Inflation Reduction Act. The law enabled Medicare to negotiate with drugmakers for the first time in history, and recently resulted in an agreement with drug companies to lower the prices of 10 expensive prescriptions for Medicare enrollees.
Trump, however, has said repeatedly during the 2024 presidential campaign that he will not cut Medicare.
Project 2025 would eliminate the Education Department, which Trump supports
The Harris campaign said Project 2025 would “eliminate the U.S. Department of Education” — and that’s accurate. Project 2025 says federal education policy “should be limited and, ultimately, the federal Department of Education should be eliminated.” The plan scales back the federal government’s role in education policy and devolves the functions that remain to other agencies.
Aside from eliminating the department, the project also proposes scrapping the Biden administration’s Title IX revision, which prohibits discrimination based on sexual orientation and gender identity. It also would let states opt out of federal education programs and calls for passing a federal parents’ bill of rights similar to ones passed in some Republican-led state legislatures.
Republicans, including Trump, have pledged to close the department, which gained its status in 1979 within Democratic President Jimmy Carter’s presidential Cabinet.
In one of his Agenda 47 policy videos, Trump promised to close the department and “to send all education work and needs back to the states.” Eliminating the department would have to go through Congress.
What Project 2025, Trump would do on overtime pay
In the graphic, the Harris campaign says Project 2025 allows “employers to stop paying workers for overtime work.”
The plan doesn’t call for banning overtime wages. It recommends changes to some Occupational Safety and Health Administration, or OSHA, regulations and to overtime rules. Some changes, if enacted, could result in some people losing overtime protections, experts told us.
The document proposes that the Labor Department maintain an overtime threshold “that does not punish businesses in lower-cost regions (e.g., the southeast United States).” This threshold is the amount of money executive, administrative or professional employees need to make for an employer to exempt them from overtime pay under the Fair Labor Standards Act.
In 2019, the Trump’s administration finalized a rule that expanded overtime pay eligibility to most salaried workers earning less than about $35,568, which it said made about 1.3 million more workers eligible for overtime pay. The Trump-era threshold is high enough to cover most line workers in lower-cost regions, Project 2025 said.
The Biden administration raised that threshold to $43,888 beginning July 1, and that will rise to $58,656 on Jan. 1, 2025. That would grant overtime eligibility to about 4 million workers, the Labor Department said.
It’s unclear how many workers Project 2025’s proposal to return to the Trump-era overtime threshold in some parts of the country would affect, but experts said some would presumably lose the right to overtime wages.
Other overtime proposals in Project 2025’s plan include allowing some workers to choose to accumulate paid time off instead of overtime pay, or to work more hours in one week and fewer in the next, rather than receive overtime.
Trump’s past with overtime pay is complicated. In 2016, the Obama administration said it would raise the overtime to salaried workers earning less than $47,476 a year, about double the exemption level set in 2004 of $23,660 a year.
But when a judge blocked the Obama rule, the Trump administration didn’t challenge the court ruling. Instead it set its own overtime threshold, which raised the amount, but by less than Obama.
Support Provided By: Learn more
Educate your inbox
Subscribe to Here’s the Deal, our politics newsletter for analysis you won’t find anywhere else.
Thank you. Please check your inbox to confirm.
- Skip to main content
- Skip to search
- Skip to footer
Products and Services
Cisco Secure Firewall
Do you have a firewall fit for today's challenges.
Does it harmonize your network, workload, and application security? Does it protect apps and employees in your hybrid or multicloud environment? Make sure you're covered.
Anticipate, act, and simplify with Secure Firewall
Cisco AI Assistant for Security demo
With workers, data, and offices located across the country and around the world, your firewall must be ready for anything. Secure Firewall helps you plan, prioritize, close gaps, and recover from disaster—stronger.
Lean on AI that simplifies policy management
Streamlining workflows. Finding misconfigurations. Auto-generating rules. With thousands of policies to manage and threats pouring in, Cisco AI Assistant saves time by simplifying how you manage firewall policy.
Achieve superior visibility
Regain visibility and control of your encrypted traffic and application environments. See more and detect more with Cisco Talos, while leveraging billions of signals across your infrastructure with security resilience.
Drive efficiency at scale
Secure Firewall supports advanced clustering, high availability, and multi-instance capabilities, enabling you to bring scalability, reliability, and productivity across your teams and hybrid network environments.
Make zero trust practical
Secure Firewall makes a zero-trust posture achievable and cost-effective with network, microsegmentation, and app security integrations. Automate access and anticipate what comes next.
Find the ideal firewall for your business
1000 Series
Best for smaller businesses and branch offices.
1200 Series
Advanced security for distributed enterprise branches in a compact, high-performing form factor.
3100 Series
Enhanced for medium-sized enterprises, with the flexibility to grow in the future.
4200 Series
Experience faster threat detection with greater visibility and the agility to safeguard large enterprise data center and campus networks.
9300 Series
Optimized for service providers and high-performance data centers.
Secure Firewall Threat Defense Virtual
Virtual firewalls for consistent policies across physical, cloud, and hyperconverged environments.
Secure Firewall ISA3000
Rugged design for manufacturing, industrial, and operational technology environments.
Secure WAF and bot protection
Enhance application security and resilience for today’s digital enterprise with Secure WAF and bot protection.
DDoS protection
Defend against attacks that flood your network with traffic, impacting access to apps and business-critical services.
Why migrate?
Level up your security posture with the latest capabilities for unified network and workload micro-segmentation protection.
Experience Firewall Management Center in action
See how you can centralize and simplify your firewall admin and intrusion prevention. With visibility across ever-changing and global networks, you can manage modern applications and malware outbreaks in real time.
Get 3 vital protections in a single step
You don't have to trade security for productivity. The Cisco Security Step-Up promotion deploys three powerful lines of defense that are simple, secure, and resilient for your business. Defend every critical attack vector–email, web traffic, and user credentials—in one easy step.
Explore the evolution of network security
We asked hundreds of IT and security professionals how they’re managing threats and using firewall in the face of AI, cloud complexity, and more. Here’s how they’re meeting those challenges.
Cisco Community: Connect with peers and experts
Cisco Community is your destination for product advice, a place to foster connections and share your knowledge.
Find the latest content and resources to help you learn more about Cisco Secure Firewall.
Add value to security solutions
Cisco Security Enterprise Agreement
Instant savings
Experience security software buying flexibility with one easy-to-manage agreement.
Services for security
Let the experts secure your business
Get more from your investments and enable constant vigilance to protect your organization.
Customer stories and insights
Powering fuel providers.
Ampol's global business includes refineries, fueling stations, and corporate offices. The company's infrastructure and retail operations are protected and connected with Cisco technology.
Ampol Limited
Reducing cybersecurity risk
A zero-trust approach to security protects the privacy of patients' personal data at this Ohio children's hospital.
Dayton Children’s
Better wireless access and security
A Texas school district turned to Cisco technology to bring ubiquitous, reliable wireless access to students while assuring proactive network monitoring capabilities.
Protecting networks and assets
A Michigan-based credit union protects the digital security of its hybrid workforce, customers, and assets with help from Cisco.
Lake Trust Credit Union
Boosting visibility and security
This Indiana university provides reliable and safe network access with Cisco's unified security ecosystem as its foundation for zero trust.
Marian University
The NFL relies on Cisco
From the draft to Super Bowl Sunday, the NFL relies on Cisco to protect billions of devices, endpoints, and users from cyber threats. What does that look like on game day? Watch the video on the story page to find out.
National Football League
Share your experience. Create a safer digital world.
Join us in shaping the future of cybersecurity and creating a safer digital world, one story at a time.
Simple, visible, and unified
Unify security across your high-performing data centers, providing superior visibility and efficiency. Then watch it work with ease.
- Article Information
Data Sharing Statement
- As Ozempic’s Popularity Soars, Here’s What to Know About Semaglutide and Weight Loss JAMA Medical News & Perspectives May 16, 2023 This Medical News article discusses chronic weight management with semaglutide, sold under the brand names Ozempic and Wegovy. Melissa Suran, PhD, MSJ
- Patents and Regulatory Exclusivities on GLP-1 Receptor Agonists JAMA Special Communication August 15, 2023 This Special Communication used data from the US Food and Drug Administration to analyze how manufacturers of brand-name glucagon-like peptide 1 (GLP-1) receptor agonists have used patent and regulatory systems to extend periods of market exclusivity. Rasha Alhiary, PharmD; Aaron S. Kesselheim, MD, JD, MPH; Sarah Gabriele, LLM, MBE; Reed F. Beall, PhD; S. Sean Tu, JD, PhD; William B. Feldman, MD, DPhil, MPH
- What to Know About Wegovy’s Rare but Serious Adverse Effects JAMA Medical News & Perspectives December 12, 2023 This Medical News article discusses Wegovy, Ozempic, and other GLP-1 receptor agonists used for weight management and type 2 diabetes. Kate Ruder, MSJ
- GLP-1 Receptor Agonists and Gastrointestinal Adverse Events—Reply JAMA Comment & Response March 12, 2024 Ramin Rezaeianzadeh, BSc; Mohit Sodhi, MSc; Mahyar Etminan, PharmD, MSc
- GLP-1 Receptor Agonists and Gastrointestinal Adverse Events JAMA Comment & Response March 12, 2024 Karine Suissa, PhD; Sara J. Cromer, MD; Elisabetta Patorno, MD, DrPH
- GLP-1 Receptor Agonist Use and Risk of Postoperative Complications JAMA Research Letter May 21, 2024 This cohort study evaluates the risk of postoperative respiratory complications among patients with diabetes undergoing surgery who had vs those who had not a prescription fill for glucagon-like peptide 1 receptor agonists. Anjali A. Dixit, MD, MPH; Brian T. Bateman, MD, MS; Mary T. Hawn, MD, MPH; Michelle C. Odden, PhD; Eric C. Sun, MD, PhD
- Glucagon-Like Peptide-1 Receptor Agonist Use and Risk of Gallbladder and Biliary Diseases JAMA Internal Medicine Original Investigation May 1, 2022 This systematic review and meta-analysis of 76 randomized clinical trials examines the effects of glucagon-like peptide-1 receptor agonist use on the risk of gallbladder and biliary diseases. Liyun He, MM; Jialu Wang, MM; Fan Ping, MD; Na Yang, MM; Jingyue Huang, MM; Yuxiu Li, MD; Lingling Xu, MD; Wei Li, MD; Huabing Zhang, MD
- Cholecystitis Associated With the Use of Glucagon-Like Peptide-1 Receptor Agonists JAMA Internal Medicine Research Letter October 1, 2022 This case series identifies cases reported in the US Food and Drug Administration Adverse Event Reporting System of acute cholecystitis associated with use of glucagon-like peptide-1 receptor agonists that did not have gallbladder disease warnings in their labeling. Daniel Woronow, MD; Christine Chamberlain, PharmD; Ali Niak, MD; Mark Avigan, MDCM; Monika Houstoun, PharmD, MPH; Cindy Kortepeter, PharmD
See More About
Select your interests.
Customize your JAMA Network experience by selecting one or more topics from the list below.
- Academic Medicine
- Acid Base, Electrolytes, Fluids
- Allergy and Clinical Immunology
- American Indian or Alaska Natives
- Anesthesiology
- Anticoagulation
- Art and Images in Psychiatry
- Artificial Intelligence
- Assisted Reproduction
- Bleeding and Transfusion
- Caring for the Critically Ill Patient
- Challenges in Clinical Electrocardiography
- Climate and Health
- Climate Change
- Clinical Challenge
- Clinical Decision Support
- Clinical Implications of Basic Neuroscience
- Clinical Pharmacy and Pharmacology
- Complementary and Alternative Medicine
- Consensus Statements
- Coronavirus (COVID-19)
- Critical Care Medicine
- Cultural Competency
- Dental Medicine
- Dermatology
- Diabetes and Endocrinology
- Diagnostic Test Interpretation
- Drug Development
- Electronic Health Records
- Emergency Medicine
- End of Life, Hospice, Palliative Care
- Environmental Health
- Equity, Diversity, and Inclusion
- Facial Plastic Surgery
- Gastroenterology and Hepatology
- Genetics and Genomics
- Genomics and Precision Health
- Global Health
- Guide to Statistics and Methods
- Hair Disorders
- Health Care Delivery Models
- Health Care Economics, Insurance, Payment
- Health Care Quality
- Health Care Reform
- Health Care Safety
- Health Care Workforce
- Health Disparities
- Health Inequities
- Health Policy
- Health Systems Science
- History of Medicine
- Hypertension
- Images in Neurology
- Implementation Science
- Infectious Diseases
- Innovations in Health Care Delivery
- JAMA Infographic
- Law and Medicine
- Leading Change
- Less is More
- LGBTQIA Medicine
- Lifestyle Behaviors
- Medical Coding
- Medical Devices and Equipment
- Medical Education
- Medical Education and Training
- Medical Journals and Publishing
- Mobile Health and Telemedicine
- Narrative Medicine
- Neuroscience and Psychiatry
- Notable Notes
- Nutrition, Obesity, Exercise
- Obstetrics and Gynecology
- Occupational Health
- Ophthalmology
- Orthopedics
- Otolaryngology
- Pain Medicine
- Palliative Care
- Pathology and Laboratory Medicine
- Patient Care
- Patient Information
- Performance Improvement
- Performance Measures
- Perioperative Care and Consultation
- Pharmacoeconomics
- Pharmacoepidemiology
- Pharmacogenetics
- Pharmacy and Clinical Pharmacology
- Physical Medicine and Rehabilitation
- Physical Therapy
- Physician Leadership
- Population Health
- Primary Care
- Professional Well-being
- Professionalism
- Psychiatry and Behavioral Health
- Public Health
- Pulmonary Medicine
- Regulatory Agencies
- Reproductive Health
- Research, Methods, Statistics
- Resuscitation
- Rheumatology
- Risk Management
- Scientific Discovery and the Future of Medicine
- Shared Decision Making and Communication
- Sleep Medicine
- Sports Medicine
- Stem Cell Transplantation
- Substance Use and Addiction Medicine
- Surgical Innovation
- Surgical Pearls
- Teachable Moment
- Technology and Finance
- The Art of JAMA
- The Arts and Medicine
- The Rational Clinical Examination
- Tobacco and e-Cigarettes
- Translational Medicine
- Trauma and Injury
- Treatment Adherence
- Ultrasonography
- Users' Guide to the Medical Literature
- Vaccination
- Venous Thromboembolism
- Veterans Health
- Women's Health
- Workflow and Process
- Wound Care, Infection, Healing
Others Also Liked
- Download PDF
- X Facebook More LinkedIn
Sodhi M , Rezaeianzadeh R , Kezouh A , Etminan M. Risk of Gastrointestinal Adverse Events Associated With Glucagon-Like Peptide-1 Receptor Agonists for Weight Loss. JAMA. 2023;330(18):1795–1797. doi:10.1001/jama.2023.19574
Manage citations:
© 2024
- Permissions
Risk of Gastrointestinal Adverse Events Associated With Glucagon-Like Peptide-1 Receptor Agonists for Weight Loss
- 1 Faculty of Medicine, University of British Columbia, Vancouver, British Columbia, Canada
- 2 StatExpert Ltd, Laval, Quebec, Canada
- 3 Department of Ophthalmology and Visual Sciences and Medicine, University of British Columbia, Vancouver, Canada
- Medical News & Perspectives As Ozempic’s Popularity Soars, Here’s What to Know About Semaglutide and Weight Loss Melissa Suran, PhD, MSJ JAMA
- Special Communication Patents and Regulatory Exclusivities on GLP-1 Receptor Agonists Rasha Alhiary, PharmD; Aaron S. Kesselheim, MD, JD, MPH; Sarah Gabriele, LLM, MBE; Reed F. Beall, PhD; S. Sean Tu, JD, PhD; William B. Feldman, MD, DPhil, MPH JAMA
- Medical News & Perspectives What to Know About Wegovy’s Rare but Serious Adverse Effects Kate Ruder, MSJ JAMA
- Comment & Response GLP-1 Receptor Agonists and Gastrointestinal Adverse Events—Reply Ramin Rezaeianzadeh, BSc; Mohit Sodhi, MSc; Mahyar Etminan, PharmD, MSc JAMA
- Comment & Response GLP-1 Receptor Agonists and Gastrointestinal Adverse Events Karine Suissa, PhD; Sara J. Cromer, MD; Elisabetta Patorno, MD, DrPH JAMA
- Research Letter GLP-1 Receptor Agonist Use and Risk of Postoperative Complications Anjali A. Dixit, MD, MPH; Brian T. Bateman, MD, MS; Mary T. Hawn, MD, MPH; Michelle C. Odden, PhD; Eric C. Sun, MD, PhD JAMA
- Original Investigation Glucagon-Like Peptide-1 Receptor Agonist Use and Risk of Gallbladder and Biliary Diseases Liyun He, MM; Jialu Wang, MM; Fan Ping, MD; Na Yang, MM; Jingyue Huang, MM; Yuxiu Li, MD; Lingling Xu, MD; Wei Li, MD; Huabing Zhang, MD JAMA Internal Medicine
- Research Letter Cholecystitis Associated With the Use of Glucagon-Like Peptide-1 Receptor Agonists Daniel Woronow, MD; Christine Chamberlain, PharmD; Ali Niak, MD; Mark Avigan, MDCM; Monika Houstoun, PharmD, MPH; Cindy Kortepeter, PharmD JAMA Internal Medicine
Glucagon-like peptide 1 (GLP-1) agonists are medications approved for treatment of diabetes that recently have also been used off label for weight loss. 1 Studies have found increased risks of gastrointestinal adverse events (biliary disease, 2 pancreatitis, 3 bowel obstruction, 4 and gastroparesis 5 ) in patients with diabetes. 2 - 5 Because such patients have higher baseline risk for gastrointestinal adverse events, risk in patients taking these drugs for other indications may differ. Randomized trials examining efficacy of GLP-1 agonists for weight loss were not designed to capture these events 2 due to small sample sizes and short follow-up. We examined gastrointestinal adverse events associated with GLP-1 agonists used for weight loss in a clinical setting.
We used a random sample of 16 million patients (2006-2020) from the PharMetrics Plus for Academics database (IQVIA), a large health claims database that captures 93% of all outpatient prescriptions and physician diagnoses in the US through the International Classification of Diseases, Ninth Revision (ICD-9) or ICD-10. In our cohort study, we included new users of semaglutide or liraglutide, 2 main GLP-1 agonists, and the active comparator bupropion-naltrexone, a weight loss agent unrelated to GLP-1 agonists. Because semaglutide was marketed for weight loss after the study period (2021), we ensured all GLP-1 agonist and bupropion-naltrexone users had an obesity code in the 90 days prior or up to 30 days after cohort entry, excluding those with a diabetes or antidiabetic drug code.
Patients were observed from first prescription of a study drug to first mutually exclusive incidence (defined as first ICD-9 or ICD-10 code) of biliary disease (including cholecystitis, cholelithiasis, and choledocholithiasis), pancreatitis (including gallstone pancreatitis), bowel obstruction, or gastroparesis (defined as use of a code or a promotility agent). They were followed up to the end of the study period (June 2020) or censored during a switch. Hazard ratios (HRs) from a Cox model were adjusted for age, sex, alcohol use, smoking, hyperlipidemia, abdominal surgery in the previous 30 days, and geographic location, which were identified as common cause variables or risk factors. 6 Two sensitivity analyses were undertaken, one excluding hyperlipidemia (because more semaglutide users had hyperlipidemia) and another including patients without diabetes regardless of having an obesity code. Due to absence of data on body mass index (BMI), the E-value was used to examine how strong unmeasured confounding would need to be to negate observed results, with E-value HRs of at least 2 indicating BMI is unlikely to change study results. Statistical significance was defined as 2-sided 95% CI that did not cross 1. Analyses were performed using SAS version 9.4. Ethics approval was obtained by the University of British Columbia’s clinical research ethics board with a waiver of informed consent.
Our cohort included 4144 liraglutide, 613 semaglutide, and 654 bupropion-naltrexone users. Incidence rates for the 4 outcomes were elevated among GLP-1 agonists compared with bupropion-naltrexone users ( Table 1 ). For example, incidence of biliary disease (per 1000 person-years) was 11.7 for semaglutide, 18.6 for liraglutide, and 12.6 for bupropion-naltrexone and 4.6, 7.9, and 1.0, respectively, for pancreatitis.
Use of GLP-1 agonists compared with bupropion-naltrexone was associated with increased risk of pancreatitis (adjusted HR, 9.09 [95% CI, 1.25-66.00]), bowel obstruction (HR, 4.22 [95% CI, 1.02-17.40]), and gastroparesis (HR, 3.67 [95% CI, 1.15-11.90) but not biliary disease (HR, 1.50 [95% CI, 0.89-2.53]). Exclusion of hyperlipidemia from the analysis did not change the results ( Table 2 ). Inclusion of GLP-1 agonists regardless of history of obesity reduced HRs and narrowed CIs but did not change the significance of the results ( Table 2 ). E-value HRs did not suggest potential confounding by BMI.
This study found that use of GLP-1 agonists for weight loss compared with use of bupropion-naltrexone was associated with increased risk of pancreatitis, gastroparesis, and bowel obstruction but not biliary disease.
Given the wide use of these drugs, these adverse events, although rare, must be considered by patients who are contemplating using the drugs for weight loss because the risk-benefit calculus for this group might differ from that of those who use them for diabetes. Limitations include that although all GLP-1 agonist users had a record for obesity without diabetes, whether GLP-1 agonists were all used for weight loss is uncertain.
Accepted for Publication: September 11, 2023.
Published Online: October 5, 2023. doi:10.1001/jama.2023.19574
Correction: This article was corrected on December 21, 2023, to update the full name of the database used.
Corresponding Author: Mahyar Etminan, PharmD, MSc, Faculty of Medicine, Departments of Ophthalmology and Visual Sciences and Medicine, The Eye Care Center, University of British Columbia, 2550 Willow St, Room 323, Vancouver, BC V5Z 3N9, Canada ( [email protected] ).
Author Contributions: Dr Etminan had full access to all of the data in the study and takes responsibility for the integrity of the data and the accuracy of the data analysis.
Concept and design: Sodhi, Rezaeianzadeh, Etminan.
Acquisition, analysis, or interpretation of data: All authors.
Drafting of the manuscript: Sodhi, Rezaeianzadeh, Etminan.
Critical review of the manuscript for important intellectual content: All authors.
Statistical analysis: Kezouh.
Obtained funding: Etminan.
Administrative, technical, or material support: Sodhi.
Supervision: Etminan.
Conflict of Interest Disclosures: None reported.
Funding/Support: This study was funded by internal research funds from the Department of Ophthalmology and Visual Sciences, University of British Columbia.
Role of the Funder/Sponsor: The funder had no role in the design and conduct of the study; collection, management, analysis, and interpretation of the data; preparation, review, or approval of the manuscript; and decision to submit the manuscript for publication.
Data Sharing Statement: See Supplement .
- Register for email alerts with links to free full-text articles
- Access PDFs of free articles
- Manage your interests
- Save searches and receive search alerts
- COVID-19 Full Coverage
- Cover Stories
- Ulat Filipino
- Special Reports
- Personal Finance
- Other sports
- Pinoy Achievers
- Immigration Guide
- Science and Research
- Technology, Gadgets and Gaming
- Chika Minute
- Showbiz Abroad
- Family and Relationships
- Art and Culture
- Health and Wellness
- Shopping and Fashion
- Hobbies and Activities
- News Hardcore
- Walang Pasok
- Transportation
- Missing Persons
- Community Bulletin Board
- GMA Public Affairs
- State of the Nation
- Unang Balita
- Balitanghali
- News TV Live
PH intel fusion center eyed to boost cybersecurity —DICT
The Department of Information and Communications Technology (DICT) outlined its strategies to secure the Philippines’ cybersecurity landscape under the National CyberSecurity Plan (NCSP) 2023-2028.
The plan aims to establish a trusted, secure, and reliable cyberspace for every Filipino, according to DICT Critical Infrastructure Evaluation and Cybersecurity Standards Division officer-in-charge George Tardio during his discussion at the 2024 BaLinkBayan Stakeholders Conference on Wednesday,
“We have to have [all] particular issues solved or focused bago pa mahuli ang lahat… It’s really evolving, it changes every second pag nagiimbestiga po kami. Hindi sila nasasatisfy,” said Tardio.
(We have to have [all] particular issues solved or focused before it’s too late… It’s really evolving, it changes every second when we investigate. They are not satisfied)
The DICT has prepared three ideal outcomes that would result in a more secure Philippine Cyber Landscape.
NCSP outcomes
The first outcome focused on protecting the Philippine cyberspace by enhancing and strengthening the government’s network and organizing response teams, database and detection protocols in case of cyber-attacks.
“Kung halimbawa nagkaroon ng major incidents, pinupuntahan natin and we are working 24/7… Sa ngayon, limited ang manpower [and] that’s why nakita namin na talagang ito ay kailangan i-strengthen,” said Tardio.
(If there were major incidents, for example, we would go there and we are working 24/7… As of now, the manpower is limited [and] that’s why we can see that it is what we really need to strengthen)
DICT also aims to establish a national network of Computer Emergency Response Teams (CERTs) and a National Cybersecurity Intelligence Fusion Center to oversee all sectors of the country, including private sectors and defense sectors.
“What is missing right now is that when we detect particular threats, di po expertise ng DICT to determine whether this particular threat ay may national security concern. Ang trabaho po ng Fusion Center na to is tignan po yun such that kapag nalaman, the DICT will now start uncovering all the artefacts as a result of the initial investigation sa threats na yun,” Tardio shared.
(What is missing right now is that when we detect particular threats, it is not the expertise of the DICT to determine whether this particular threat has a national security concern. The work of the Fusion Center will be to look into it as such that if it is found, the DICT will now start uncovering all the artefacts as a result of the initial investigation on those threats)
Under Outcome 1, DICT also intends to adopt a six-stage incident response model for cybersecurity incidents —Identify, Contain, Analyze, Eradicate, Recover, and Lesson Learned.
“Gusto lang natin iisa ang tinitignan… Iisa yung bible, iisa ang reference na tinitignan in terms of cyber-incident response handling or investigation,” he continued.
(We only want to look at one thing… There would only be one bible, one reference to look at in terms of cyber-incident response handling or investigation)
Under Outcome 2, the DICT said that they aimed to increase the capabilities of the cybersecurity workforce in the Philippines.
Such efforts included the establishment of an ICT Academy to create a Cybersecurity Center of Excellence and revising the index of cybersecurity-related occupations.
The declaration of October as CyberSecurity Awareness Month under Proclamation No. 353 in 2023 also falls under this outcome.
Outcome 3 outlines efforts to strengthen the cybersecurity policy framework in the country.
The NCSP 2023-2028 Strategic Framework Outlines the National Cybersecurity Inter-Agency Committee (NCIAC), which acts as the “convergence point for implementing cybersecurity policies and strategies.”
The NCIAC lists Policy and Technological Control, National Security, Cybercrime, and Socio-Economic Prosperity as key policy areas where cybersecurity is needed.
DICT also seeks for an executive order to protect Critical Information Infrastructure to protect data according to certain criteria ranging from Environmental Assets to Critical Assets, as well as other policies and guidelines for service providers, devices, and other digital assets.
“Each agency should craft your own cybersecurity or cybercrime strategy aligning with this plan,” he said.
Threats encountered in the PH cyberspace
The Philippines is a hot target for cybercrime due to the increasing digitalization of services, rising internet penetration, and lack of cybersecurity awareness in the country, DICT said.
“Nagiging favorite [place] tayo iattack ng mga actors na yan… Nagiging oportunidad sa kanila ng attackers,” Tardio commented.
(We are becoming the favorite [place] for these actors to attack… It is becoming an opportunity for attackers)
Among the listed common cyber threats experienced in the Philippines were malware, Phishing, Ransomware, Denial-of-Service (DoS) attacks, Social Engineering, and Zero-Day Attacks.
To combat said issues, DICT recommended implementing general security measures, which include implementing cybersecurity policies, regularly updating software and systems, and conducting cybersecurity awareness training.
“The digital landscape is constantly evolving, creating new opportunities and challenges. It’s really evolving, it changes every second kapag nagiimbestiga po kami. Hindi sila nasasatisfy na okay na ito at nakita ko na ang kahinaan ng agency,” he said.
(The digital landscape is constantly evolving, creating new opportunities and challenges. It’s really evolving, it changes every second when we are investigating. They are not satisfied with just knowing the weakness of an agency)
The NCSP 2023-2028 was created under Executive Order No. 58, Series of 2024 was implemented under President Ferdinand Marcos Jr.’s Executive Order 58, "as part of the administration's efforts to strengthen the security and resilience of the country's cyberspace."
“The NCSP 2023-2028 is hereby adopted as the whole-of-nation roadmap for the integrated development and strategic direction of the country's cybersecurity," according to EO 58.
Amid present threats, DICT vowed to increase cybersecurity, growing partnerships, and investment in cybersecurity as a positive outcome to the growing cyberspace in the country. —LDF, GMA Integrated News
Publication Links
- Author Guidelines
- Publication Policies
- Metadata Harvesting (OAI2)
- Digital Archiving Policy
- Promote your Publication
- About the Journal
- Call for Papers
- Submit your Paper
- Current Issue
- Apply as a Reviewer
- Indexing & Archiving
Special Issues
- Guest Editors
Future of Information and Communication Conference (FICC)
- Submit your Paper/Poster
Computing Conference
Intelligent Systems Conference (IntelliSys)
Future Technologies Conference (FTC)
DOI: 10.14569/IJACSA.2024.0150873 PDF
Using Pretrained VGG19 Model and Image Segmentation for Rice Leaf Disease Classification
Author 1: Gulbakhram Beissenova Author 2: Almira Madiyarova Author 3: Akbayan Aliyeva Author 4: Gulsara Mambetaliyeva Author 5: Yerzhan Koshkarov Author 6: Nagima Sarsenbiyeva Author 7: Marzhan Chazhabayeva Author 8: Gulnara Seidaliyeva
International Journal of Advanced Computer Science and Applications(IJACSA), Volume 15 Issue 8, 2024.
- Abstract and Keywords
- How to Cite this Article
- {} BibTeX Source
Abstract: This study explores the application of the VGG19 convolutional neural network (CNN) model, pre-trained on ImageNet, for the classification of rice crop diseases using image segmentation techniques. The research aims to enhance disease detection accuracy by integrating a robust deep learning framework tailored to the specific challenges of agricultural pathology. A dataset comprising 200 images categorized into four disease classes was employed to train and validate the model. Techniques such as data augmentation, dropout, and dynamic learning rate adjustments were utilized to improve model training and prevent overfitting. The model's performance was evaluated using metrics including accuracy, precision, recall, and F1-score, with a particular focus on the ability to generalize to unseen data. Results indicated a high overall accuracy exceeding 90%, showcasing the model’s capability to effectively classify rice crop diseases. Challenges such as class-specific misclassification were addressed through the model’s learning strategy, highlighting areas for further enhancement. The research contributes to the field by demonstrating the potential of using pre-trained CNN models, adapted through fine-tuning and robust training techniques, to significantly improve disease detection in crops, thereby supporting sustainable agricultural practices and enhancing food security. Future work will explore the integration of multimodal data and real-time detection systems to broaden the applicability and effectiveness of the technology in diverse agricultural settings.
Gulbakhram Beissenova, Almira Madiyarova, Akbayan Aliyeva, Gulsara Mambetaliyeva, Yerzhan Koshkarov, Nagima Sarsenbiyeva, Marzhan Chazhabayeva and Gulnara Seidaliyeva, “Using Pretrained VGG19 Model and Image Segmentation for Rice Leaf Disease Classification” International Journal of Advanced Computer Science and Applications(IJACSA), 15(8), 2024. http://dx.doi.org/10.14569/IJACSA.2024.0150873
@article{Beissenova2024, title = {Using Pretrained VGG19 Model and Image Segmentation for Rice Leaf Disease Classification}, journal = {International Journal of Advanced Computer Science and Applications}, doi = {10.14569/IJACSA.2024.0150873}, url = {http://dx.doi.org/10.14569/IJACSA.2024.0150873}, year = {2024}, publisher = {The Science and Information Organization}, volume = {15}, number = {8}, author = {Gulbakhram Beissenova and Almira Madiyarova and Akbayan Aliyeva and Gulsara Mambetaliyeva and Yerzhan Koshkarov and Nagima Sarsenbiyeva and Marzhan Chazhabayeva and Gulnara Seidaliyeva} }
Copyright Statement: This is an open access article licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, even commercially as long as the original work is properly cited.
Upcoming Conferences
Future of Information and Communication Conference (FICC) 2025
28-29 April 2025
- Berlin, Germany
Computing Conference 2025
19-20 June 2025
- London, United Kingdom
IntelliSys 2024
5-6 September 2024
- Amsterdam, The Netherlands
Future Technologies Conference (FTC) 2024
14-15 November 2024
Academia.edu no longer supports Internet Explorer.
To browse Academia.edu and the wider internet faster and more securely, please take a few seconds to upgrade your browser .
Enter the email address you signed up with and we'll email you a reset link.
- We're Hiring!
- Help Center
Network Security: A Practical Approach
Related Papers
IJIRT Journal
Habeeb Rayapati
International Journal of Innovative Science and Research Technology
Narendra Chahar
Network security is becoming increasingly important to personal computer users, businesses, and the military. Security became a major concern with the advent of the internet, and understanding the history of security allows a better understanding of the emergence of security technology. Many security threats can occur due to the structure of the internet. If the internet's architecture is changed, it can reduce the number of possible attacks that can be sent across the network. Knowing the attack methods enables us to respond with adequate security. Many businesses use firewalls and encryption mechanisms to protect themselves from the internet. To stay connected to the internet, businesses create an "intranet.
Liam Landers
STELLAH AHUMUZA
its used by students studying selected topics in computer science
Victoria Brown
mbah bk mbah bk
Ashok Kumar A KBSS
International Journal IJRITCC
Computer world security management is essential resource for all the latest news, analysis, case studies and reviews on authentication, business continuity and disaster recovery, data control, security infrastructure, intellectual property, privacy standards, law, threats cyber crime and hacking and identity fraud and theft. This section covers secrecy, reliable storage and encryption. security, protecting data from unauthorized access, protecting data from damage and ROM either an external or an internal source, and a disgruntled employee could easily do much harm.
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.
RELATED PAPERS
Communications and Network
Emmanuel Kolawole
Tito W Purboyo
Dr.Sasikumar Gurumoorthy
Computer Engineering and Intelligent Systems
Oluwasanmi R I C H A R D Arogundade
Jonathan Kolo
Interal Res journa Managt Sci Tech
INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT
ambarish patel
Kwame Sarpong
Susan Lincke
Ijesrt Journal
IJCSE Editor
Network Security
Christos Douligeris
GJESR Journal
Lahar Singh Nishad
http://ijeie.jalaxy.com.tw/contents/ijeie-v8-n2/ijeie-v8-n2.pdf 8 (2), 135 - 144
shamimul islam
Fatemeh Soleimani
PURNA CHANDRA SETHI
Information Systems Security
Manpreet Singh
The Open Automation and Control Systems Journal
Gurjeet Singh
Chanchala Joshi
Jameson Mbale
RELATED TOPICS
- We're Hiring!
- Help Center
- Find new research papers in:
- Health Sciences
- Earth Sciences
- Cognitive Science
- Mathematics
- Computer Science
- Academia ©2024
IMAGES
VIDEO
COMMENTS
Network Security Monitoring (NSM) is a popular term to refer to the detection of security incidents by monitoring the network events. An NSM system is central for the security of current networks, given the escalation in sophistication of cyberwarfare. In this paper, we review the state-of-the-art in NSM, and derive a new taxonomy of the functionalities and modules in an NSM system. This ...
The report proposes new research directions to advance research. This paper discusses network security for secure data communication. Discover the world's research. 25+ million members;
Network Security: Network security protects the computer network from disruptors, which can be malware or hacking. Network security is a set of solutions that enable organizations to keep computer networks out of the reach of hackers, organized attackers, and malware (Zhang, 2021). Download: Download high-res image (282KB)
Most new research deploys AI/ML for security tasks. AI/ML can potentially disrupt the classical principles of network security by introducing fast reactions to anomalies detected in the network and, sometimes, even by preventing the attacks before they impact the network.
An overview of new security and privacy issues particular to 6G networks is provided and discussed. ... We hope that this discussion will stimulate people's interest and further research on 6G network security and privacy issues. ... Key Drivers and Research Chal-¨ Lenges for 6g Ubiquitous Wireless Intelligence (White Paper), 6G Flagship ...
Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse,... | Explore the latest full-text research PDFs ...
1 code implementation • 17 Jul 2015. While a great amount of research has been conducted on network security of office and home networks, recently the security of CPS and related systems has gained a lot of attention. Networking and Internet Architecture Cryptography and Security. 158. Paper.
The increasing complexity and dynamic nature of software-defined networking (SDN) environments pose significant challenges for network security. We propose a methodology for enhancing the security of SDN systems through the use of a well established technique in forensic sciences, the memory analysis, combined with techniques to identify memory modifications, such as signature validation and ...
In this paper, the graph sample and aggregate-attention network with war strategy optimization algorithm for cyber security in the 5G wireless communication network (CS-5GWCN-GSAAN-WSOA) is proposed in 5G mobile networks to identify cyber threats. Initially, the input data are amassed from the 5G-NIDD dataset.
Network risk assessment should include the impact of the relationship between vulnerabilities, in order to conduct a more in-depth and comprehensive assessment of vulnerabilities and network-related risks. However, the impact of extracting the relationship between vulnerabilities mainly relies on manual processes, which are subjective and inefficient. To address these issues, this paper ...
Abstract. Network security is a specialized field consisting of the provisions and policies to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources as well as ensuring their availability through proper procedures. Many security devices are being developed and deployed to ...
Moreover, the emergence of fraudulent ransomware and advanced persistent threats (APTs) poses a direct risk to national security and societal stability. This paper offers an in-depth examination of the prevailing state of cybersecurity and suggests strategies for the development of information security surveillance and early warning systems, as ...
The information and software layers are potential entry points for DDoS assaults. The flow-based policies frequently collide at the application layer, giving rise to safety issues. The central nervous system of the network's components is the SDN controller located at the control layer.
The NCCoE is launching a new series of papers on 5G cybersecurity and privacy that will provide recommended practices and illustrate how to implement them. All of the featured capabilities have been implemented in the NCCoE testbed on commercial-grade 5G equipment. The first two drafts in this series are open for public comment through September 16, 2024.
Mitigate Risks and Threads. Priyanka Dedakia. Department of Computing and information. Bournemouth University. Bournemouth, U.K. [email protected]. Abstract — Network security is a set ...
Original papers are invited on Computer Networks, Network Protocols and Wireless Networks, Data Communication Technologies, and Network Security. The goal of this Conference is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and establishing new collaborations in these areas.
In order to solve this problem, this paper studies a network security situational awareness solution for new energy industrial control systems. This solution is an industrial control security protection method for new energy power plants based on probabilistic attack graphs. First, knowledge graph technology is used to semantically associate ...
The SEI Digital Library provides access to more than 6,000 documents from three decades of research into best practices in software engineering. These documents include technical reports, presentations, webcasts, podcasts and other materials searchable by user-supplied keywords and organized by topic, publication type, publication year, and author.
According to NIST, SUCI is "an optional 5G capability which provides important security and privacy protections for subscriber identifiers." NIST is looking for comments on the white paper series by Sept. 16. The agency also invites stakeholders to join the 5G Community of Interest to be notified when it releases a paper.
In 2024, these will be the top cybersecurity trends. A. Exciting Mobile Cyber Security Research Paper Topics. The significance of continuous user authentication on mobile gadgets. The efficacy of different mobile security approaches. Detecting mobile phone hacking.
"When you read (Project 2025)," Harris told a crowd July 23 in Wisconsin, "you will see, Donald Trump intends to cut Social Security and Medicare." The Project 2025 document does not call ...
The 25 disruptive technologies to watch on the Gartner, Inc. Hype Cycle for Emerging Technologies, 2024 fall into four key areas: autonomous AI, developer productivity, total experience, and human-centric security and privacy programs. "Generative AI (GenAI) is over the Peak of Inflated Expectations as business focus continues to shift from excitement around foundation models to use cases ...
This study by Schoretsanitis et al. identified 107 cases of suicidal and self-injurious adverse drug reactions (ADRs) with semaglutide and 162 with liraglutide, highlighting disproportionality for suicidal ideation with semaglutide, especially in patients using antidepressants or benzodiazepines.
See, try, or buy a firewall See what's new. Overview Resources Community. See, try, or buy a firewall. Anticipate, act, and simplify with Secure Firewall. ... Explore the evolution of network security We asked hundreds of IT and security professionals how they're managing threats and using firewall in the face of AI, cloud complexity, and ...
Abstract and Figures. Secure Network has now become a need of any organization. The security threats are increasing day by day and making high speed wired/wireless network and internet services ...
International Journal of Science and Research (IJSR) ISSN: 2319-7064 ResearchGate Impact Factor (2018): 0.28 | SJIF (2018): 7.426 Volume 9 Issue 1, January 2020 www.ijsr.net Licensed Under Creative Commons Attribution CC BY Modern cryptography is the keystone of computer and communications security. Its base is based on various
We used a random sample of 16 million patients (2006-2020) from the PharMetrics Plus for Academics database (IQVIA), a large health claims database that captures 93% of all outpatient prescriptions and physician diagnoses in the US through the International Classification of Diseases, Ninth Revision (ICD-9) or ICD-10. In our cohort study, we included new users of semaglutide or liraglutide, 2 ...
To combat said issues, DICT recommended implementing general security measures, which include implementing cybersecurity policies, regularly updating software and systems, and conducting cybersecurity awareness training. "The digital landscape is constantly evolving, creating new opportunities and challenges.
This study explores the application of the VGG19 convolutional neural network (CNN) model, pre-trained on ImageNet, for the classification of rice crop diseases using image segmentation techniques. The research aims to enhance disease detection accuracy by integrating a robust deep learning framework tailored to the specific challenges of agricultural pathology.
Computer world security management is essential resource for all the latest news, analysis, case studies and reviews on authentication, business continuity and disaster recovery, data control, security infrastructure, intellectual property, privacy standards, law, threats cyber crime and hacking and identity fraud and theft.