{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,9]],"date-time":"2024-09-09T13:41:56Z","timestamp":1725889316052},"reference-count":133,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2022,3,8]],"date-time":"2022-03-08T00:00:00Z","timestamp":1646697600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Ministry of Science and Higher Education of Russia","award":["FEWM-2020-0037 (TUSUR)"]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"Information security is one of the most important attributes of distributed systems that often operate on unreliable networks. Enabling security features during the development of a distributed system requires the careful analysis of potential attacks or threats in different contexts, a process often referred to as \u00abthreat modeling\u00bb. Information protection should be comprehensive, but it is also necessary to take into account the possibility of the emergence of threats specific to a certain information system. Many public and private organizations are still trying to implement system models and the threats directed at them on their own. The main reason for this is the lack of useful and high-quality methodologies that can help developers design system models. This review explores a variety of the literature on confidentiality- and integrity-aware system design methodologies, as well as threat classification methods, and identifies key issues that may be referenced by organizations to make design system processes easier. In particular, this article takes a look at the extent to which existing methodologies cover objects of protection and methods of classifying threats, as well as whether there are such models of systems in which the object itself and the threats directed at it are described. 
This includes whether the compiled models exhibit symmetry or asymmetry. This literature research shows that methodologies appear to be heterogeneous and versatile, since existing methodologies often only focus on one object of protection (a system). Based on the given analysis, it can be concluded that the existing methodologies only relate superficially to the description of system models and threats, and it is necessary to develop a more complete abstract model of the protected object and threats aimed at it in order to make this model suitable for any organization and protect it against most threats.","DOI":"10.3390\/sym14030549","type":"journal-article","created":{"date-parts":[[2022,3,9]],"date-time":"2022-03-09T06:50:53Z","timestamp":1646808653000},"page":"549","source":"Crossref","is-referenced-by-count":5,"title":["A Survey on Threat-Modeling Techniques: Protected Objects and Classification of Threats"],"prefix":"10.3390","volume":"14","author":[{"ORCID":"http:\/\/orcid.org\/0000-0002-3222-9956","authenticated-orcid":false,"given":"Anton","family":"Konev","sequence":"first","affiliation":[{"name":"Faculty of Security, Tomsk State University of Control Systems and Radioelectronics, 40 Lenina Prospect, 634050 Tomsk, Russia"}]},{"given":"Alexander","family":"Shelupanov","sequence":"additional","affiliation":[{"name":"Faculty of Security, Tomsk State University of Control Systems and Radioelectronics, 40 Lenina Prospect, 634050 Tomsk, Russia"}]},{"ORCID":"http:\/\/orcid.org\/0000-0002-7710-5463","authenticated-orcid":false,"given":"Mikhail","family":"Kataev","sequence":"additional","affiliation":[{"name":"Faculty of Security, Tomsk State University of Control Systems and Radioelectronics, 40 Lenina Prospect, 634050 Tomsk, Russia"}]},{"given":"Valeriya","family":"Ageeva","sequence":"additional","affiliation":[{"name":"Faculty of Security, Tomsk State University of Control Systems and Radioelectronics, 40 Lenina Prospect, 634050 Tomsk, 
Russia"}]},{"given":"Alina","family":"Nabieva","sequence":"additional","affiliation":[{"name":"Faculty of Security, Tomsk State University of Control Systems and Radioelectronics, 40 Lenina Prospect, 634050 Tomsk, Russia"}]}],"member":"1968","published-online":{"date-parts":[[2022,3,8]]},"reference":[{"key":"ref_1","unstructured":"(2021, November 13). ICT Facts and Figures 2017. Available online: https:\/\/www.itu.int\/en\/ITUD\/Statistics\/Pages\/facts\/default.aspx."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"13","DOI":"10.22215\/timreview\/835","article-title":"Defining cybersecurity","volume":"4","author":"Craigen","year":"2014","journal-title":"Technol. Innov. Manag. Rev."},{"key":"ref_3","unstructured":"Romashkina, N.P., and Zagorskii, A.V. (2016). Information Security Threats during Crises and Conflicts of the XXI Century, IMEMO."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"734","DOI":"10.1016\/j.csi.2013.12.008","article-title":"An extensible pattern-based library and taxonomy of security threats for distributed systems","volume":"36","author":"Uzunov","year":"2014","journal-title":"Comput. Stand. Interfaces"},{"key":"ref_5","first-page":"198","article-title":"A novel kill-chain framework for remote security log analysis with SIEM software","volume":"67","author":"Bryant","year":"2017","journal-title":"Comput. Stand. Interfaces"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"954","DOI":"10.1109\/TPDS.2009.146","article-title":"Correlation-Based Traffic Analysis Attacks on Anonymity Networks","volume":"7","author":"Zhu","year":"2010","journal-title":"IEEE Trans. Parallel Distrib. Syst."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"012057","DOI":"10.1088\/1742-6596\/801\/1\/012057","article-title":"Enhancing Honeypot Deception Capability Through Network Service Fingerprinting","volume":"801","author":"Dahbul","year":"2017","journal-title":"J. Phys. Conf. 
Ser."},{"key":"ref_8","first-page":"51","article-title":"Information System Security Threats Classifications","volume":"31","author":"Sandro","year":"2007","journal-title":"J. Inf. Organ. Sci."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Albakri, A., Boiten, E., and de Lemos, R. (2018, January 27\u201330). Risks of Sharing Cyber Incident Information. Proceedings of the ARES 2018: Proceedings of the 13th International Conference on Availability, Reliability and Security, Hamburg, Germany.","DOI":"10.1145\/3230833.3233284"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Messe, N., Chiprianov, V., Belloir, N., El-Hachem, J., Fleurquin, R., and Sadou, S. (January, January 29). Asset-Oriented Threat Modeling. Proceedings of the 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Guangzhou, China.","DOI":"10.1109\/TrustCom50675.2020.00073"},{"key":"ref_11","first-page":"300","article-title":"Introducing OSSF: A framework for online service cybersecurity risk management","volume":"65","author":"Meszaros","year":"2017","journal-title":"Comput. Stand. Interfaces"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Sion, L., Yskout, K., van den Berghe, A., Scandariato, R., and Joosen, W. (2015, January 16\u201317). MASC: Modelling Architectural Security Concerns. Proceedings of the 2015 IEEE\/ACM 7th International Workshop on Modeling in Software Engineering, Florence, Italy.","DOI":"10.1109\/MiSE.2015.14"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"1681908","DOI":"10.1155\/2018\/1681908","article-title":"Securing Cloud Hypervisors: A Survey of the Threats, Vulnerabilities, and Countermeasures","volume":"2018","author":"Barrowclough","year":"2018","journal-title":"Secur. Commun. 
Netw."},{"key":"ref_14","first-page":"241","article-title":"Managing vulnerabilities of information systems to security incidents","volume":"25","author":"Farahmand","year":"2008","journal-title":"J. Manag. Inf. Syst."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Ambalavanan, V. (2020). Cyber Threats Detection and Mitigation Using Machine Learning. Handbook of Research on Machine and Deep Learning Applications for Cyber Security, IGI Global.","DOI":"10.4018\/978-1-5225-9611-0.ch007"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Shah, N.F., and Kumar, P. (2017). A comparative analysis of various spam classifications. Progress in Intelligent Computing Techniques: Theory, Practice, and Applications, Springer.","DOI":"10.1007\/978-981-10-3376-6_29"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"402","DOI":"10.26483\/ijarcs.v9i2.5571","article-title":"Classification techniques using spam filtering email","volume":"9","author":"Chandrasekar","year":"2018","journal-title":"Int. J. Adv. Res. Comput. Sci."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"15650","DOI":"10.1109\/ACCESS.2017.2666785","article-title":"A review on mobile SMS spam filtering techniques","volume":"5","author":"Shafi","year":"2017","journal-title":"IEEE Access"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1109\/TCSS.2016.2516039","article-title":"A performance evaluation of machine learning-based streaming spam tweets detection","volume":"2","author":"Chen","year":"2015","journal-title":"IEEE Trans. Comput. Soc. Syst."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"1436","DOI":"10.1016\/j.patrec.2011.03.022","article-title":"A survey and experimental evaluation of image spam filtering techniques","volume":"32","author":"Biggio","year":"2011","journal-title":"Pattern Recognit. Lett."},{"key":"ref_21","unstructured":"Kumar, A.D., Vinayakumar, R., and Soman, K. (2021, November 17). 
DeepImageSpam: Deep Learning based Image Spam Detection. Available online: https:\/\/www.researchgate.net\/publication\/328189401_DeepImageSpam_Deep_Learning_based_Image_Spam_Detection."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"491","DOI":"10.2298\/CSIS190122008J","article-title":"Logical filter approach for early stage cyber-attack detection","volume":"16","author":"Jusas","year":"2019","journal-title":"Comput. Sci. Inf. Syst."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"35365","DOI":"10.1109\/ACCESS.2018.2836950","article-title":"Machine learning and deep learning methods for cybersecurity","volume":"6","author":"Xin","year":"2018","journal-title":"IEEE Access"},{"key":"ref_24","first-page":"56","article-title":"Malware analysis and classification: A survey","volume":"5","author":"Gandotra","year":"2014","journal-title":"J. Inf. Secur."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"100","DOI":"10.14445\/22312803\/IJCTT-V7P106","article-title":"A review of cyber-attack classification technique based on data mining and neural network approach","volume":"7","author":"Dharamkar","year":"2014","journal-title":"Int. J. Comput. Trends Technol. (IJCTT)"},{"key":"ref_26","unstructured":"Hodo, E., Bellekens, X., Hamilton, A., Tachtatzis, C., and Atkinson, R. (2021, November 17). Shallow and Deep Networks Intrusion Detection System: A Taxonomy and Survey. Available online: https:\/\/www.researchgate.net\/publication\/312170608_Shallow_and_Deep_Networks_Intrusion_Detection_System_A_Taxonomy_and_Survey."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"109","DOI":"10.1007\/s11416-018-0325-y","article-title":"Malware propagation in smart grid networks: Metrics, simulation and comparison of three malware types","volume":"15","author":"Zseby","year":"2019","journal-title":"J. Comput. Virol. 
Hacking Tech."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Ndibanje, B., Kim, K.H., Kang, Y.J., Kim, H.H., Kim, T.Y., and Lee, H.J. (2019). Cross-method-based analysis and classification of malicious behavior by api calls extraction. Appl. Sci., 9.","DOI":"10.3390\/app9020239"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"167","DOI":"10.1016\/j.ijcip.2014.06.002","article-title":"A computational asset vulnerability model for the strategic protection of the critical infrastructure","volume":"7","author":"White","year":"2014","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1016\/j.ijcip.2014.09.003","article-title":"A language for describing attacks on cyber-physical systems","volume":"8","author":"Yampolskiy","year":"2015","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"1049","DOI":"10.1108\/MRR-04-2013-0085","article-title":"Information security awareness and behavior: A theory-based literature review","volume":"37","author":"Lebek","year":"2014","journal-title":"Manag. Res. Rev."},{"key":"ref_32","unstructured":"Ruiz, G., Heymann, E., Cesar, E., and Miller, B.P. (2021, November 17). Automating Threat Modeling through the Software Development Life-Cycle. Available online: https:\/\/research.cs.wisc.edu\/mist\/papers\/Guifre-sep2012.pdf."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"1995","DOI":"10.1016\/j.jss.2010.05.069","article-title":"Modular analysis and modelling of risk scenarios with dependencies","volume":"83","author":"Braendeland","year":"2010","journal-title":"J. Syst. Softw."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Gupta, B., Agrawal, D.P., and Yamaguchi, S. (2016). Threats Classification: State of the Art. 
Handbook of Research on Modern Cryptographic Solutions for Computer and Cyber Security, IGI Global.","DOI":"10.4018\/978-1-5225-0105-3"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Jouini, M., and Rabai, L.B.A. (2016, January 20\u201322). A Scalable Threats Classification Model in Information Systems. Proceedings of the SIN \u201916: Proceedings of the 9th International Conference on Security of Information and Networks, Newark, NJ, USA.","DOI":"10.1145\/2947626.2947630"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Khristolyubova, A.A., Konev, A.A., Shelupanov, A.A., and Solovev, M.L. (2019, January 23\u201326). Modeling threats to information security using IDEF0 methodology. Proceedings of the IOP Conference Series Materials Science and Engineering, Tomsk, Russia.","DOI":"10.1088\/1757-899X\/597\/1\/012071"},{"key":"ref_37","unstructured":"Lindqvist, U., and Jonsson, E. (1997, January 4\u20137). How to systematically classify computer security intrusions. Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, USA."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Gruschka, N., and Jensen, M. (2010, January 5\u201310). Attack surfaces: A taxonomy for attacks on cloud services. Proceedings of the IEEE 3rd International Conference on Cloud Computing, Miami, FL, USA.","DOI":"10.1109\/CLOUD.2010.23"},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Sommer, F., Durrwang, J., and Kriesten, R. (2019). Survey and Classification of Automotive Security Attacks. Information, 10.","DOI":"10.3390\/info10040148"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Koltays, A., Konev, A., and Shelupanov, A. (2021). Mathematical Model for Choosing Counterparty When Assessing Information Security Risks. 
Risks, 9.","DOI":"10.3390\/risks9070133"},{"key":"ref_41","first-page":"81","article-title":"Cyber physical systems security: Analysis, challenges and solutions","volume":"68","author":"Ashibani","year":"2017","journal-title":"Comput. Stand. Interfaces"},{"key":"ref_42","first-page":"2318","article-title":"Threat Modeling Framework for Electrical Distribution Scada Networks","volume":"23","author":"James","year":"2015","journal-title":"Middle-East J. Sci. Res."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"148","DOI":"10.1109\/TDSC.2015.2482484","article-title":"Towards Building Forensics Enabled Cloud Through Secure Logging-as-a-Service","volume":"13","author":"Zawoad","year":"2016","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_44","first-page":"272","article-title":"Formalization of Objectives of Grid Systems Resources Protection against Unauthorized Access","volume":"17","author":"Kalinin","year":"2014","journal-title":"Nonlinear Phenom. Complex Syst."},{"key":"ref_45","first-page":"31","article-title":"Security issues in smart homes and mobile health system: Threat analysis, possible countermeasures and lessons learned","volume":"9","author":"Olayemi","year":"2017","journal-title":"Int. J. Inf. Technol. Secur."},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Rimsha, A.S., and Rimsha, K.S. (2019). The Problem of Selecting APCS\u2019 Information Security Tools. Cyber-Physical Systems: Industry 4.0 Challenges, Springer.","DOI":"10.1007\/978-3-030-32648-7_17"},{"key":"ref_47","unstructured":"(2022, January 04). STRIDE Threat Modeling: What You Need to Know. Available online: https:\/\/www.softwaresecured.com\/stride-threat-modeling\/."},{"key":"ref_48","unstructured":"(2022, January 04). Real World Threat Modeling Using the PASTA Methodology. Available online: https:\/\/owasp.org\/www-pdf-archive\/AppSecEU2012_PASTA.pdf."},{"key":"ref_49","unstructured":"(2022, January 04). LINDDUN Privacy Engineering. 
Available online: https:\/\/www.linddun.org\/."},{"key":"ref_50","unstructured":"(2022, January 04). Common Vulnerability Scoring System. Available online: https:\/\/en.wikipedia.org\/wiki\/Common_Vulnerability_Scoring_System."},{"key":"ref_51","unstructured":"(2022, January 04). Attack Tree. Available online: https:\/\/en.wikipedia.org\/wiki\/Attack_tree."},{"key":"ref_52","unstructured":"(2022, January 04). How Well Do You Know Your Personae Non Gratae. Available online: https:\/\/www.infoq.com\/articles\/personae-non-gratae\/."},{"key":"ref_53","unstructured":"Denning, T.A., Friedman, B., and Kohno, T. (2021, December 10). The Security Cards. Available online: https:\/\/securitycards.cs.washington.edu\/."},{"key":"ref_54","unstructured":"(2022, January 04). The Hybrid Threat Modeling Method. Available online: https:\/\/insights.sei.cmu.edu\/blog\/the-hybrid-threat-modeling-method\/."},{"key":"ref_55","unstructured":"(2022, January 04). What is Threat Modeling: Process and Methodologies?. Available online: https:\/\/www.simplilearn.com\/what-is-threat-modeling-article."},{"key":"ref_56","unstructured":"(2022, January 04). Stride, VAST, Trike, & More: Which Threat Modeling Methodology is Right for Your Organization?. Available online: https:\/\/threatmodeler.com\/threat-modeling-methodologies-overview-for-your-business\/."},{"key":"ref_57","unstructured":"(2022, January 04). Octave Method of Security Assessment. Available online: https:\/\/technology.ku.edu\/octave-method-security-assessment."},{"key":"ref_58","unstructured":"(2022, January 04). Threat Modeling: 12 Available Methods. Available online: https:\/\/insights.sei.cmu.edu\/blog\/threat-modeling-12-available-methods\/."},{"key":"ref_59","doi-asserted-by":"crossref","unstructured":"Sion, L., Wuyts, K., Yskout, K., van Landuyt, D., and Joosen, W. (2018, January 23\u201327). Interaction-based Privacy Threat Elicitation. 
Proceedings of the 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), London, UK.","DOI":"10.1109\/EuroSPW.2018.00017"},{"key":"ref_60","unstructured":"Ingalsbe, J.A., Shoemaker, D., and Mead, N.R. (2011). Threat Modeling the Cloud Computing, Mobile Device Toting, Consumerized Enterprise\u2014An overview of considerations. AMCIS Proc., 359, Available online: https:\/\/aisel.aisnet.org\/amcis2011_submissions\/359\/."},{"key":"ref_61","doi-asserted-by":"crossref","first-page":"446","DOI":"10.1186\/s40064-016-2101-0","article-title":"Threat driven modeling framework using petri nets for e-learning system","volume":"5","author":"Khamparia","year":"2016","journal-title":"SpringerPlus"},{"key":"ref_62","doi-asserted-by":"crossref","unstructured":"Torkura, K., Sukmana, M., Meinig, M., Kayem, A., Cheng, F., Graupner, H., and Meinel, C. (2018, January 16\u201318). Securing Cloud Storage Brokerage Systems Through Threat Models. Proceedings of the IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA), Krakow, Poland.","DOI":"10.1109\/AINA.2018.00114"},{"key":"ref_63","first-page":"1195","article-title":"The PASTA threat model implementation in the IoT development life cycle","volume":"2021","author":"Wolf","year":"2020","journal-title":"INFORMATIK"},{"key":"ref_64","doi-asserted-by":"crossref","unstructured":"Seifert, D., and Reza, H. (2016). A Security Analysis of Cyber-Physical Systems Architecture for Healthcare. Computers, 5.","DOI":"10.3390\/computers5040027"},{"key":"ref_65","first-page":"130","article-title":"OCTAVE-Based Risk Evaluation for E-Government Information Systems","volume":"38","year":"2009","journal-title":"J. Univ. Electron. Sci. Technol. China"},{"key":"ref_66","doi-asserted-by":"crossref","unstructured":"Affia, A.O., Matulevicius, R., and Tonisson, R. (2021). Security Risk Estimation and Management in Autonomous Driving Vehicles. 
International Conference on Advanced Information Systems Engineering, Springer.","DOI":"10.1007\/978-3-030-79108-7_2"},{"key":"ref_67","doi-asserted-by":"crossref","first-page":"101755","DOI":"10.1016\/j.cose.2020.101755","article-title":"A LINDDUN-Based Framework for Privacy Threat Analysis on Identification and Authentication Processes","volume":"94","author":"Forne","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_68","doi-asserted-by":"crossref","unstructured":"Riva, G.M., Vasenev, A., and Zannone, N. (2020, January 25\u201328). SoK: Engineering privacy-aware high-tech systems. Proceedings of the 15th International Conference on Availability, Reliability and Security (ARES 2020), Dublin, Ireland.","DOI":"10.1145\/3407023.3407061"},{"key":"ref_69","doi-asserted-by":"crossref","unstructured":"Yin, X.C., Liu, Z.G., Nkenyereye, L., and Ndibanje, B. (2019). Toward an Applied Cyber Security Solution in IoT-Based Smart Grids: An Intrusion Detection System Approach. Sensors, 19.","DOI":"10.3390\/s19224952"},{"key":"ref_70","doi-asserted-by":"crossref","unstructured":"Basin David, A., Jurgen, D., and Torsten, L. (2003, January 2\u20133). Model driven security for process-oriented systems. Proceedings of the SACMAT \u201903: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies, Villa Gallia, Como, Italy.","DOI":"10.1145\/775423.775425"},{"key":"ref_71","doi-asserted-by":"crossref","unstructured":"Ahmed, U., Raza, I., Hussain, S.A., Ali, A., Iqbal, M., and Wang, X. (2015). Modelling Cyber Security for Software-Defined Networks Those Grow Strong When Exposed to Threats, Springer International Publishing.","DOI":"10.1007\/s40860-015-0008-0"},{"key":"ref_72","first-page":"6329","article-title":"A Novel Stochastic Model for Cybersecurity Metric Inspired by Markov Chain Model and Attack Graphs","volume":"9","author":"Aissa","year":"2020","journal-title":"Int. J. Sci. Technol. 
Res."},{"key":"ref_73","unstructured":"Jiang, H., Nagra, J., and Ahammad, P. (2021, November 17). Sok: Applying Machine Learning in Security. Available online: https:\/\/www.researchgate.net\/publication\/309854646_SoK_Applying_Machine_Learning_in_Security_-_A_Survey."},{"key":"ref_74","unstructured":"Apruzzese, G., Colajanni, M., Ferretti, L., Guido, A., and Marchetti, M. (June, January 30). On the effectiveness of machine and deep learning for cyber security. Proceedings of the International Conference on Cyber Conflict (ICCC), 10th International Conference on Cyber Conflict (CyCon), Tallinn, Estonia."},{"key":"ref_75","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1016\/j.cose.2018.11.001","article-title":"Survey of machine learning techniques for malware analysis","volume":"81","author":"Ucci","year":"2019","journal-title":"Comput. Secur."},{"key":"ref_76","doi-asserted-by":"crossref","first-page":"98","DOI":"10.1007\/s10916-019-1507-y","article-title":"Transforming Healthcare Cybersecurity from Reactive to Proactive: Current Status and Future Recommendations","volume":"44","author":"Bhuyan","year":"2018","journal-title":"J. Med. Syst."},{"key":"ref_77","unstructured":"Ford, V., and Siraj, A. (2014, January 13). Applications of machine learning in cyber security. Proceedings of the 27th International Conference on Computer Applications in Industry and Engineering 2014, Kota Kinabalu, Malaysia."},{"key":"ref_78","doi-asserted-by":"crossref","unstructured":"Ding, Q., Zhu, R., Liu, H., and Ma, M. (2021). An Overview of Machine Learning-Based Energy-Efficient Routing Algorithms in Wireless Sensor Networks. 
Electronics, 1539.","DOI":"10.3390\/electronics10131539"},{"key":"ref_79","doi-asserted-by":"crossref","first-page":"1434","DOI":"10.1016\/j.adhoc.2009.04.012","article-title":"Rethinking security properties, threat models, and the design space in sensor networks: A case study in SCADA systems","volume":"7","author":"Cardenas","year":"2009","journal-title":"Ad Hoc Netw."},{"key":"ref_80","doi-asserted-by":"crossref","first-page":"3410","DOI":"10.1109\/TVT.2014.2302022","article-title":"Optimal Information-Theoretic Wireless Location Verification","volume":"63","author":"Yan","year":"2014","journal-title":"IEEE Trans. Veh. Technol."},{"key":"ref_81","doi-asserted-by":"crossref","unstructured":"Churcher, A., Ullah, R., Ahmad, J., Rehman, S.U., Masood, F., Gogate, M., Alqahtani, F., Nour, B., and Buchanan, W.J. (2021). An Experimental Analysis of Attack Classification Using Machine Learning in IoT Networks. Sensors, 21.","DOI":"10.3390\/s21020446"},{"key":"ref_82","doi-asserted-by":"crossref","unstructured":"Chmiel, M., Korona, M., Kozio\u0142, F., Szczypiorski, K., and Rawski, M. (2021). Discussion on IoT Security Recommendations against the State-of-the-Art Solutions. Electronics, 10.","DOI":"10.3390\/electronics10151814"},{"key":"ref_83","doi-asserted-by":"crossref","unstructured":"Arseni, S., Chifor, B., Coca, M., Medvei, M., Bica, I., and Matei, I. (2021). RESFIT: A Reputation and Security Monitoring Platform for IoT Applications. Electronics, 10.","DOI":"10.3390\/electronics10151840"},{"key":"ref_84","doi-asserted-by":"crossref","unstructured":"Apostol, I., Preda, M., Nila, C., and Bica, I. (2021). IoT Botnet Anomaly Detection Using Unsupervised Deep Learning. Electronics, 10.","DOI":"10.3390\/electronics10161876"},{"key":"ref_85","doi-asserted-by":"crossref","unstructured":"Thaseen, I.S., Mohanraj, V., Ramachandran, S., Sanapala, K., and Yeo, S. (2021). 
A Hadoop Based Framework Integrating Machine Learning Classifiers for Anomaly Detection in the Internet of Things. Electronics, 10.","DOI":"10.3390\/electronics10161955"},{"key":"ref_86","doi-asserted-by":"crossref","unstructured":"Lagerstrom, R., Baldwin, C., MacCormack, A., and Dreyfus, D. (2013). Visualizing and Measuring Enterprise Architecture: An Exploratory BioPharma Case. IFIP Working Conference on The Practice of Enterprise Modeling, Springer.","DOI":"10.1007\/978-3-642-41641-5_2"},{"key":"ref_87","doi-asserted-by":"crossref","first-page":"285","DOI":"10.1007\/978-3-642-40861-8_42","article-title":"Cloud Computing Risk Assessment: A Systematic Literature Review","volume":"276","author":"Latif","year":"2014","journal-title":"Lect. Notes Electr. Eng."},{"key":"ref_88","doi-asserted-by":"crossref","unstructured":"Razaque, A., Frej, M.B.H., Alotaibi, B., and Alotaibi, M. (2021). Privacy Preservation Models for Third-Party Auditor over Cloud Computing: A Survey. Electronics, 10.","DOI":"10.20944\/preprints202109.0413.v1"},{"key":"ref_89","doi-asserted-by":"crossref","unstructured":"Belapurkar, A., Chakrabarti, A., Ponnapalli, H., Varadarajan, N., Padmanabhuni, S., and Sundarrajan, S. (2009). Distributed Systems Security: Issues, Processes and Solutions, John Wiley & Sons.","DOI":"10.1002\/9780470751787"},{"key":"ref_90","first-page":"2920","article-title":"Engineering security into distributed systems: A survey of methodologies","volume":"18","author":"Uzunov","year":"2012","journal-title":"J. Univers. Comput. Sci."},{"key":"ref_91","doi-asserted-by":"crossref","first-page":"217","DOI":"10.1016\/j.infsof.2014.09.001","article-title":"A Comprehensive Pattern-Oriented Approach to Engineering Security Methodologies","volume":"57","author":"Uzunov","year":"2015","journal-title":"Inf. Softw. Technol."},{"key":"ref_92","doi-asserted-by":"crossref","unstructured":"Khan, R., McLaughlin, K., Laverty, D., and Sezer, S. (2017, January 26\u201329). 
STRIDE-based Threat Modeling for Cyber-Physical Systems. Proceedings of the IEEE PES Innovative Smart Grid Technologies Conference Europe, Turin, Italy.","DOI":"10.1109\/ISGTEurope.2017.8260283"},{"key":"ref_93","doi-asserted-by":"crossref","first-page":"163","DOI":"10.1007\/s00766-013-0195-2","article-title":"A descriptive study of Microsoft\u2019s threat modeling technique","volume":"20","author":"Scandariato","year":"2015","journal-title":"Requir. Eng."},{"key":"ref_94","doi-asserted-by":"crossref","unstructured":"Sion, L., Yskout, K., van Landuyt, D., and Joosen, W. (2018, January 9\u201313). Solution-aware data flow diagrams for security threat modeling. Proceedings of the 33rd Annual ACM Symposium on Applied Computing, Pau, France.","DOI":"10.1145\/3167132.3167285"},{"key":"ref_95","doi-asserted-by":"crossref","unstructured":"Honkaranta, A., Leppanen, T., and Costin, A. (2021, January 12\u201314). Towards Practical Cybersecurity Mapping of STRIDE and CWE\u2014A Multi-Perspective Approach. Proceedings of the 29th Conference of Open Innovations Association (FRUCT), Tampere, Finland.","DOI":"10.23919\/FRUCT52173.2021.9435453"},{"key":"ref_96","unstructured":"Karahasanovic, A., Kleberger, P., and Almgren, M. (2017, January 7\u20138). Adapting Threat Modeling Methods for the Automotive Industry. Proceedings of the 15th ESCAR Conference, Berlin, Germany."},{"key":"ref_97","doi-asserted-by":"crossref","unstructured":"Pell, R., Moschoyiannis, S., and Panaousis, E. (2021). Multi-Stage Threat Modelling and Security Monitoring in 5GCN. Cybersecurity Issues in Emerging Technologies, CRC Press.","DOI":"10.1201\/9781003109952-4"},{"key":"ref_98","doi-asserted-by":"crossref","unstructured":"Lee, C.C., Tan, T.G., Sharma, V., and Zhou, J. (2021). Quantum Computing Threat Modelling on a Generic CPS Setup. 
International Conference on Applied Cryptography and Network Security, Springer.","DOI":"10.1007\/978-3-030-81645-2_11"},{"key":"ref_99","unstructured":"van Landuyt, D., and Joosen, W. (April, January 30). A descriptive study of assumptions made in LINDDUN privacy threat elicitation. Proceedings of the 35th Annual ACM Symposium on Applied Computing, Brno, Czech Republic."},{"key":"ref_100","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/s00766-010-0115-7","article-title":"A Privacy threat analysis framework: Supporting the elicitation and fulfillment of privacy requirements","volume":"16","author":"Deng","year":"2011","journal-title":"Requir. Eng."},{"key":"ref_101","doi-asserted-by":"crossref","unstructured":"Li, E., Kang, C., Huang, D., Hu, M., Chang, F., He, L., and Li, X. (2019). Quantitative Model of Attacks on Distribution Automation Systems Based on CVSS and Attack Trees. Information, 10.","DOI":"10.3390\/info10080251"},{"key":"ref_102","doi-asserted-by":"crossref","first-page":"1002","DOI":"10.1109\/TDSC.2016.2644614","article-title":"Can the Common Vulnerability Scoring System Be Trusted? A Bayesian Analysis","volume":"15","author":"Johnson","year":"2016","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_103","unstructured":"Mantha, B., Jung, Y., and Garcia, B. (July, January 28). Implementation of the Common Vulnerability Scoring System to Assess the Cyber Vulnerability in Construction Projects. Proceedings of the Creative Construction Conference, Opatija, Croatia."},{"key":"ref_104","doi-asserted-by":"crossref","unstructured":"Czekster, R.M., and Morisset, C. (2021, January 13\u201316). BDMPathfinder: A tool for exploring attack paths in models defined by Boolean Logic Driven Markov Processes. Proceedings of the European Dependable Computing Conference, Munich, Germany.","DOI":"10.1109\/EDCC53658.2021.00019"},{"key":"ref_105","doi-asserted-by":"crossref","unstructured":"Falco, G., Viswanathan, A., and Santangelo, A. 
(2021, January 26\u201330). CubeSat Security Attack Tree Analysis. Proceedings of the 8th IEEE International Conference on Space Mission Challenges for Information Technology, Pasadena, CA, USA.","DOI":"10.1109\/SMC-IT51442.2021.00016"},{"key":"ref_106","doi-asserted-by":"crossref","unstructured":"Mead, N., Shull, F., Spears, J., Heibl, S., Weber, S., and Cleland-Huang, J. (2017, January 4\u20138). Crowd Sourcing the Creation of Personae Non Gratae for Requirements-Phase Threat Modeling. Proceedings of the IEEE 25th International Requirements Engineering Conference, Lisbon, Portugal.","DOI":"10.1109\/RE.2017.63"},{"key":"ref_107","doi-asserted-by":"crossref","unstructured":"Omotunde, H., and Ibrahim, R. (2016, January 19\u201322). A Hybrid Threat Model for Software Security Requirement Specification. Proceedings of the International Conference on Information Science and Security, Pattaya, Thailand.","DOI":"10.1109\/ICISSEC.2016.7885836"},{"key":"ref_108","doi-asserted-by":"crossref","unstructured":"Luna, J., Suri, N., and Krontiris, I. (2012, January 10\u201312). Privacy-by-design based on quantitative threat modeling. Proceedings of the Risk and Security of Internet and Systems, Cork, Ireland.","DOI":"10.1109\/CRISIS.2012.6378941"},{"key":"ref_109","doi-asserted-by":"crossref","unstructured":"Alberts, C., Dorofee, A., Stevens, J., and Woody, C. (2003). Introduction to the OCTAVE Approach. Introduction to the OCTAVE Approach, Software Engineering Institute, Carnegie Mellon University.","DOI":"10.21236\/ADA634134"},{"key":"ref_110","unstructured":"Saitta, P., Larcom, B., and Eddington, M. (2022, January 04). Trike v.1 Methodology Document, Available online: https:\/\/www.octotrike.org\/papers\/Trike_v1_Methodology_Document-draft.pdf."},{"key":"ref_111","doi-asserted-by":"crossref","unstructured":"Nhlabatsi, A., Hussein, A., Fetais, N., and Khan, K.M. (2020, January 2\u20135). Design and Implementation of a Threat-Specific Security Risk Assessment Tool. 
Proceedings of the IEEE International Conference on Informatics, IoT, and Enabling Technologies (ICIoT), Doha, Qatar.","DOI":"10.1109\/ICIoT48696.2020.9089459"},{"key":"ref_112","doi-asserted-by":"crossref","first-page":"50","DOI":"10.4018\/IJSSE.2015070103","article-title":"An Alternative Threat Model-based Approach for Security Testing","volume":"6","author":"Falah","year":"2015","journal-title":"Int. J. Secur. Softw. Eng."},{"key":"ref_113","unstructured":"Aydin, M.M. (2016). Engineering Threat Modelling Tools for Cloud Computing, University of York, Computer Science."},{"key":"ref_114","unstructured":"Lenzini, G., Mauw, S., and Ouchani, S. (2016, January 26\u201327). Security Analysis of Socio-Technical Physical Systems. Proceedings of the STM 2016: Security and Trust Management, Heraklion, Crete, Greece."},{"key":"ref_115","doi-asserted-by":"crossref","first-page":"73","DOI":"10.1016\/j.ijcip.2009.06.001","article-title":"Understanding the physical and economic consequences of attacks on control systems","volume":"2","author":"Huang","year":"2009","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"ref_116","doi-asserted-by":"crossref","first-page":"118","DOI":"10.1016\/j.ijcip.2012.08.002","article-title":"Modeling Security in Cyber-Physical Systems","volume":"5","author":"Burmester","year":"2012","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"ref_117","unstructured":"Baquero, A.O., Kornecki, A.J., and Zalewski, J. (September, January 31). Threat Modeling for Aviation Computer Security. Proceedings of the 11th International Conference on Availability, Reliability and Security (ARES), Salzburg, Austria."},{"key":"ref_118","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1155\/2017\/4621587","article-title":"PMCAP: A Threat Model of Process Memory Data on the Windows Operating System","volume":"2017","author":"Pan","year":"2017","journal-title":"Secur. Commun. Netw."},{"key":"ref_119","unstructured":"Abrams, M.D. (1998). 
NIMS Information Security Threat Methodology, MITRE Corporation."},{"key":"ref_120","doi-asserted-by":"crossref","unstructured":"Novokhrestov, A., and Konev, A. (2016). Mathematical Model of Threats to Information Systems. AIP Conference Proceedings, AIP Publishing LLC.","DOI":"10.1063\/1.4964595"},{"key":"ref_121","first-page":"1","article-title":"Challenges for securing cyber physical systems","volume":"5","author":"Alvaro","year":"2009","journal-title":"Electr. Eng. Comput. Sci."},{"key":"ref_122","unstructured":"Gaddam, N., Kumar, G.S.A., and Somani, A.K. (2008, January 18\u201320). Securing Physical Processes against Cyber Attacks in Cyber-Physical Systems. Proceedings of the National Workshop for Research on High-Confidence Transportation Cyber-Physical Systems: Automotive, Aviation & Rail, Tyson\u2019s Corner, VA, USA."},{"key":"ref_123","unstructured":"Myagmar, S., Lee, A.J., and Yurcik, W. (2022, January 04). Threat modeling as a basis for security requirements. Symposium on Requirements Engineering for Information Security (SREIS), Available online: http:\/\/citeseerx.ist.psu.edu\/viewdoc\/download?doi=10.1.1.703.8462&rep=rep1&type=pdf."},{"key":"ref_124","doi-asserted-by":"crossref","first-page":"498","DOI":"10.1016\/j.cose.2006.03.001","article-title":"Security issues in SCADA networks","volume":"25","author":"Igure","year":"2006","journal-title":"Comput. Secur."},{"key":"ref_125","unstructured":"Shostack, A. (2014). Threat Modeling, John Wiley & Sons, Inc."},{"key":"ref_126","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1088\/1742-6596\/1488\/1\/012002","article-title":"Computer network threat modelling","volume":"1488","author":"Novokhrestov","year":"2020","journal-title":"J. Phys. Conf. Ser."},{"key":"ref_127","first-page":"102471","article-title":"Measuring cyber-physical security in industrial control systems via minimum-effort attack strategies","volume":"52","author":"Barrere","year":"2020","journal-title":"J. Inf. Secur. 
Appl."},{"key":"ref_128","doi-asserted-by":"crossref","unstructured":"Novokhrestov, A., Konev, A., and Shelupanov, A. (2019). Model of Threats to Computer Network Software. Symmetry, 11.","DOI":"10.3390\/sym11121506"},{"key":"ref_129","doi-asserted-by":"crossref","first-page":"1840","DOI":"10.3390\/sym12111840","article-title":"A Model of Threats to the Confidentiality of Information Processed in Cyberspace Based on the Information Flows Model","volume":"12","author":"Egoshin","year":"2020","journal-title":"Symmetry"},{"key":"ref_130","unstructured":"Pendergrass, J.C., Heart, K., Ranganathan, C., and Venkatakrishnan, V.N. (2013). A Threat Table Based Approach to Telemedicine Security, Western Michigan University."},{"key":"ref_131","doi-asserted-by":"crossref","first-page":"105","DOI":"10.1109\/TST.2014.6787363","article-title":"Energy-Theft Detection Issues for Advanced Metering Infrastructure in Smart Grid","volume":"19","author":"Jiang","year":"2014","journal-title":"Tsinghua Sci. Technol."},{"key":"ref_132","unstructured":"(2022, January 04). IEEE Std 1471-2000. IEEE Recommended Practice for Architecture Description of Software-Intensive Systems. Available online: https:\/\/ieeexplore.ieee.org\/document\/875998."},{"key":"ref_133","unstructured":"(2015). Systems and Software Engineering\u2013System Life Cycle Processes (Standard No. 
ISO\/IEC\/IEEE 15288:2015)."}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/14\/3\/549\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,27]],"date-time":"2024-07-27T05:27:17Z","timestamp":1722058037000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/14\/3\/549"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,3,8]]},"references-count":133,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2022,3]]}},"alternative-id":["sym14030549"],"URL":"https:\/\/doi.org\/10.3390\/sym14030549","relation":{},"ISSN":["2073-8994"],"issn-type":[{"value":"2073-8994","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,3,8]]}}}