First level threats

Second level threats

Damage

Solutions

Data not effectively protected

Data tampering

Data distortion or invalid

Tamper detection, User authentication, data encryption, Tamper proof material

Data exposure

Illegal use User’ data

User authentication,

data encryption,

Audit, Construct

machine learning model

Data monitored or collected

Privacy

disclosure

Establishment of special system, data encryption

User exception

Illegal act

Break the role code of conduct

Intrusion detection, Establishment of special system, User

behavior analysis

Unauthorized access

Illegal processing of data

Access control

Weak safety awareness

Create a breakthrough for attackers

Empirical research

Vulnerability of

Defense system

Bug

Used to destroy the database

Safety assessment, Empirical framework

Inaccurate identification

Reject normal users and accept illegal users

User authentication

External attack

Spam

Occupy a lot of storage space and commit fraud

Access control

Malicious traffic

Server works abnormally

Audit,

Intrusion detection

SQL injection

Embedded trojan horse and illegal right raising

Access control, Access control, User behavior analysis, System risk prediction

Illegal access

Break system authentication mechanism and obtain others data

User authentication,

Establishment of special system,

Intrusion detection

Malicious software

Illegal access to user secret data

Data encryption, Malware detection,

Intrusion detection

DDoS attack

System functions not available

Intrusion detection, Access control

Bypass and physical attack

Hardware Damage and less preventable

Intrusion detection, Tamper proof material