Biblio

Artificial intelligence (AI) was engendered by the rapid development of high and new technologies, which altered the environment of business financial audits and caused problems in recent years. As the pioneers of enterprise financial monitoring, auditors must actively and proactively adapt to the new audit environment in the age of AI. However, the performances of the auditors during the adaptation process are not so favorable. In this paper, methods such as data analysis and field research are used to conduct investigations and surveys. In the process of applying AI to the financial auditing of a business, a number of issues are discovered, such as auditors' underappreciation, information security risks, and liability risk uncertainty. On the basis of the problems, related suggestions for improvement are provided, including the cultivation of compound talents, the emphasis on the value of auditors, and the development of a mechanism for accepting responsibility.

A distributed denial of service attack is a major security challenge in modern communications networks. In this article, we propose models that capture all the key performance indicators of synchronized denial of service protection mechanisms. As a result of the conducted researches, it is found out that thanks to the method of delay detection it is possible to recognize semi-open connections that are caused by synchronous flood and other attacks at an early stage. The study provides a mechanism for assessing the feasibility of introducing and changing the security system of a wireless sensor network. The proposed methodology will allow you to compare the mechanisms of combating denial of service for synchronized failures and choose the optimal protection settings in real-time.

The Common Weakness Enumeration (CWE) is a prominent list of software weakness types. This list is used by vulnerability databases to describe the underlying security flaws within analyzed vulnerabilities. This linkage opens the possibility of using the analysis of software vulnerabilities to identify the most significant weaknesses that enable those vulnerabilities. We accomplish this through creating mashup views combining CWE weakness taxonomies with vulnerability analysis data. The resulting graphs have CWEs as nodes, edges derived from multiple CWE taxonomies, and nodes adorned with vulnerability analysis information (propagated from children to parents). Using these graphs, we develop a suite of metrics to identify the most significant weakness types (using the perspectives of frequency, impact, exploitability, and overall severity).

We have proposed the Media Access Control method based on the Synchronization Phenomena of coupled oscillators (SP-MAC) to improve a total throughput of wireless terminals connected to a Access Point. SP-MAC can avoid the collision of data frames that occur by applying Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) based on IEEE 802.11 in Wireless local area networks (WLAN). Furthermore, a new throughput guarantee control method based on SP-MAC has been proposed. This method enable each terminal not only to avoid the collision of frames but also to obtain the requested throughput by adjusting the parameters of SP-MAC. In this paper, we propose a new throughput control method that realizes the fairness among groups of terminals that use the different TCP versions, by taking the advantage of our method that is able to change acquired throughput by adjusting parameters. Moreover, we confirm the effectiveness of the proposed method by the simulation evaluation.

We study the power of interactivity in local differential privacy. First, we focus on the difference between fully interactive and sequentially interactive protocols. Sequentially interactive protocols may query users adaptively in sequence, but they cannot return to previously queried users. The vast majority of existing lower bounds for local differential privacy apply only to sequentially interactive protocols, and before this paper it was not known whether fully interactive protocols were more powerful. We resolve this question. First, we classify locally private protocols by their compositionality, the multiplicative factor by which the sum of a protocol's single-round privacy parameters exceeds its overall privacy guarantee. We then show how to efficiently transform any fully interactive compositional protocol into an equivalent sequentially interactive protocol with a blowup in sample complexity linear in this compositionality. Next, we show that our reduction is tight by exhibiting a family of problems such that any sequentially interactive protocol requires this blowup in sample complexity over a fully interactive compositional protocol. We then turn our attention to hypothesis testing problems. We show that for a large class of compound hypothesis testing problems - which include all simple hypothesis testing problems as a special case - a simple noninteractive test is optimal among the class of all (possibly fully interactive) tests.

Industrial Internet of Things (IIoT) is a trend of the smart industry. By collecting field data from sensors, the industry can make decisions dynamically in time for better performance. In most cases, IIoT is built on private networks and cannot be reached from the Internet. Currently, data transmission in most of IIoT network protocols is in plaintext without encryption protection. Once an attacker breaks into the field, the attacker can intercept data and injects malicious commands to field agents. In this paper, we propose a compound approach for defending command injection attacks in IIOT. First, we leverage the power of Software Defined Networking (SDN) to detect the injection attack. When the injection attack event is detected, the system owner is alarmed that someone tries to pretend a controller or a field agent to deceive the other entity. Second, we develop a lightweight authentication scheme to ensure the identity of the command sender. Command receiver can verify commands first before processing commands.

More and more advanced persistent threat attacks has happened since 2009. This kind of attacks usually use more than one zero-day exploit to achieve its goal. Most of the times, the target computer will execute malicious program after the user open an infected compound document. The original detection method becomes inefficient as the attackers using a zero-day exploit to structure these compound documents. Inspired by the detection method based on structural entropy, we apply wavelet analysis to malicious document detection system. In our research, we use wavelet analysis to extract features from the raw data. These features will be used todetect whether the compound document was embed malicious code.