An Information Security Threat Assessment Model based on Bayesian Network and OWA Operator

نویسندگان

  • Kehe Wu
  • Shichao Ye
چکیده

Information security threat assessment involves two aspects, namely, technology and management. A great amount of uncertainties exist in the assessment, which cannot be strictly quantized. Thus, the completely objective information security risk assessment is hard to realize. To this end, this research proposed an information security threat assessment model based on Bayesian Network (BN) and OWA operator. Firstly, with the integration of expert knowledge, the conditional probability matrix of reasoning rules in BN was clarified, as a basis of the establishment of information security threat assessment model. Then, with the group-decision method of OWA operator, the subjective judging information of experts on the threat level of target information system was integrated, which was taken as the prior information of the threat level of target information system. Meanwhile, with the observation nodes of objective assessment information, subjective and objective security threat level was integrated, which realized the continuity and accumulation of the security assessment. Finally, the rationality and effectiveness of this model were verified through the simulation example.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

ADAPTIVE ORDERED WEIGHTED AVERAGING FOR ANOMALY DETECTION IN CLUSTER-BASED MOBILE AD HOC NETWORKS

In this paper, an anomaly detection method in cluster-based mobile ad hoc networks with ad hoc on demand distance vector (AODV) routing protocol is proposed. In the method, the required features for describing the normal behavior of AODV are defined via step by step analysis of AODV and independent of any attack. In order to learn the normal behavior of AODV, a fuzzy averaging method is used fo...

متن کامل

The Framework for Information Security Risk Network Management based on Bayesian Belief Decision Support System for Threat on the Campus

The security network management system is for providing clear guidelines on risk evaluation and assessment for enterprise networks. The risk evaluation is based on the relationships among the most critical assets, and threats that are likely to those assets and their vulnerability impacts. Threat and risk assessment are conducted for identifying the safeguards to be adapted in order to maintain...

متن کامل

Bayesian Attack Model for Dynamic Risk Assessment

Because of the threat of advanced multi-step attacks, it is often difficult for security operators to completely cover all vulnerabilities when deploying remediations. Deploying sensors to monitor attacks exploiting residual vulnerabilities is not sufficient and new tools are needed to assess the risk associated to the security events produced by these sensors. Although attack graphs were propo...

متن کامل

Malware Risk Analysis on the Campus Network with Bayesian Belief Network

A security network management system is for providing clear guidelines on risk evaluation and assessment for enterprise networks. The threat and risk assessment is conducted to safeguard enterprise network services to maintain system confidentiality, integrity, and availability through effective control strategies. In this paper, based on our previous work in analyzing integrated information se...

متن کامل

An Authorization Framework for Database Systems

Today, data plays an essential role in all levels of human life, from personal cell phones to medical, educational, military and government agencies. In such circumstances, the rate of cyber-attacks is also increasing. According to official reports, data breaches exposed 4.1 billion records in the first half of 2019. An information system consists of several components, which one of the most im...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2013