Transactions on Large-Scale Data- and Knowledge-Centered Systems XXXVI

In Estonia, digital signing started with the Digital Signatures Act already as early as in 2000. The aim to make digital signing and its use with various types of documents more convenient and efficient has had a high priority in the state’s e-Governance initiative. In this article we provide a study of the systematic introduction and use of digital signatures with documents related to decision-making processes and analyze the factors which influence this. We look at local governments as a major use case and provide an overview of the digital signing statistics for local government document exchange. The article highlights the differences related to the size and administrative capacity of the local governments as well as their readiness to transition into the information society.

Due to the rapid development of large scale and big data systems, attribute-based access control (ABAC) model has inaugurated a new wave in the research field of access control. In this paper, we propose a novel and comprehensive mechanism for enforcing attribute-based security policies stored in JSON documents. We build a lightweight grammar for conditional expressions that are the combination of subject, resource, and environment attributes so that the policies are flexible, dynamic and fine grained. Besides, we also present an extension from the ABAC model for privacy protection with the approach of purpose usage. The notion of purpose is associated with levels of data disclosure and constraints to support more fine-grained privacy policies. A prototype built for the proposed model using Java and MongoDB has also presented in the paper. The experiment is carried out to illustrate the relationship between the processing time for access decision and the complexity of policies.

Intrusion detection for computer network systems has been becoming one of the most critical tasks for network administrators today. It has an important role for organizations, governments and our society due to the valuable resources hosted on computer networks. Traditional misuse detection strategies are unable to detect new and unknown intrusion types. In contrast, anomaly detection in network security aims to distinguish between illegal or malicious events and normal behavior of network systems. Anomaly detection can be considered as a classification problem where it builds models of normal network behavior, of which it uses to detect new patterns that significantly deviate from the model. Most of the current approaches on anomaly detection is based on the learning of normal behavior and anomalous actions. They do not include memory that is they do not take into account previous events classify new ones. In this paper, we propose a one-class collective anomaly detection model based on neural network learning. Normally a Long Short-Term Memory Recurrent Neural Network (LSTM RNN) is trained only on normal data, and it is capable of predicting several time-steps ahead of an input. In our approach, a LSTM RNN is trained on normal time series data before performing a prediction for each time-step. Instead of considering each time-step separately, the observation of prediction errors from a certain number of time-steps is now proposed as a new idea for detecting collective anomalies. The prediction errors of a certain number of the latest time-steps above a threshold will indicate a collective anomaly. The model is evaluated on a time series version of the KDD 1999 dataset. The experiments demonstrate that the proposed model is capable to detect collective anomaly efficiently.

Natural disasters can be mitigated or even anticipated if we have appropriate means, in terms of communications and data sharing models, to collect relevant data in advance or during disaster occurrences, which can be used for supporting disaster prevention and recovery processes. This work proposes a framework that encourages people to collect and share data about disaster, especially flood in Ho Chi Minh City, via on-site established multihop wireless access networks configured by the sharing of internet connectivity in users’ mobile devices. For connectivity sharing, on-the-fly establishment of multihop wireless access network (OEMAN) scheme is thoroughly analyzed and improved to resolve its inherent issue on traffic load imbalance due to its tree-based structure. More specifically, we propose a linear program for overload-aware routing optimization considering wireless interference. Evaluations implemented in Matlab show that the overload-aware routing improves load balancing among available virtual access points in OEMAN. By avoiding nodes with heavy load in the network, our solution improves network throughput compared to overload-unaware routing protocols.

Security in the aircraft business attracts heightened attention because of the expansion of differing cyber attacks, many being driven by technology innovation. Continuous research does not consider the sociotechnical essence of security in basic areas, for example, carrier turnaround systems. To cut time and costs, the latter comprises several companies for ticket- and luggage management, maintenance checks, cleaning, passenger transportation, re-fueling, and so on. The carrier business has embraced broadly data innovation for guaranteeing that aircrafts are in a state to take off again as fast as would be prudent. Progressively, this prompts the development of a virtual enterprise that utilizes data advances to consistently coordinate individual airline-turnaround processes into a single structure. The subsequent sociotechnical security risk management issues are not clearly understood and require further examination. This paper fills the gap with an assessment about the application of a security risk management strategy to identify business assets for a more profound risk mitigation analyses. The result of this paper provides knowledge about the usefulness of existing security risk management approaches.

This paper introduces an efficient watermarking approach for distributed relational databases, which is generic enough to support database outsourcing and hybrid partitioning. Various challenges, like partitioning and distribution of data, existence of replication etc., are addressed effectively by watermarking different partitions using different sub keys and by maintaining a meta-data about the data distribution. Notably, the embedding and detection phases are designed with the aim of making embedded watermarks partitioning-insensitive. That means, database partitioning and its distribution do not disturb any embedded watermark at all. To the best of our knowledge, this is the first proposal on watermarking of distributed relational databases supporting database outsourcing, its partitioning and distribution in a distributed setting.