Ontology and Fuzzy Measures based System for Information Security Risk Assessment

Raihan Muratkhan, Dauren Kabenov, Dina Satybaldina

2012

Abstract

Traditionally, information security risk is defined as the combination of the probability of a negative event and its potential impact. But the risk of an information security breach in a modern organization is a multidimensional, complex concept that includes a set of interconnected variables, and the values of risk factors often cannot be defined precisely. Information security risk assessment may therefore be treated as a fuzzy problem. In this paper an algorithm is considered for the problem of assessing alternatives whose estimation criteria form a network-like structure. The connections in the criteria structure are formalized by means of the Sugeno fuzzy integral. The ontology-based information security knowledge domain has a net-like structure incorporating the most relevant information security concepts (assets, threats, vulnerabilities and controls) and the relations among them. Slots describe the properties of concepts and instances, and each property can be set to a specific fuzzy value. The estimation criteria structure is network-like and is formalized as an oriented graph with one source and many drains. The estimation result for an alternative is calculated in the source criterion.
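The aggregation step the abstract describes, as an added example (not the authors' code or ontology instance): leaf criteria carry fuzzy values, every internal criterion aggregates its sub-criteria with the Sugeno integral, and the value at the single source criterion is the risk estimate. The criteria network and its densities are constructed here, and the fuzzy measure on each node is assumed to be a Sugeno lambda-measure built from those densities, which is one common way to obtain the measure the integral needs.

```python
import functools, math
from typing import Dict, List, Tuple

# Constructed criteria network (not the paper's instance); leaves hold values in [0, 1].
CRITERIA: Dict[str, List[Tuple[str, float]]] = {
    "risk":          [("threat", 0.4), ("vulnerability", 0.4), ("impact", 0.3)],
    "threat":        [("attacker_capability", 0.5), ("exposure", 0.5)],
    "vulnerability": [("missing_control", 0.6), ("exposure", 0.6)],  # shared leaf
}
LEAF_VALUES: Dict[str, float] = {"attacker_capability": 0.7, "exposure": 0.9,
                                 "missing_control": 0.5, "impact": 0.8}

def sugeno_lambda(densities: List[float]) -> float:
    """Non-zero root lam > -1 of 1 + lam = prod(1 + lam*g_i), found by bisection
    on h(lam) = f(lam)/lam, which removes the trivial root lam = 0."""
    s = sum(densities)
    if abs(s - 1.0) < 1e-12:           # densities sum to 1: additive, lam = 0
        return 0.0
    def h(lam: float) -> float:
        return (math.prod(1 + lam * g for g in densities) - 1) / lam - 1
    if s < 1:                          # sum below 1: lam > 0, h rises through 0
        lo, hi = 1e-12, 1.0
        while h(hi) < 0:
            hi *= 2
    else:                              # sum above 1: -1 < lam < 0
        lo, hi = -1 + 1e-12, -1e-12
    for _ in range(200):
        mid = (lo + hi) / 2
        lo, hi = (mid, hi) if h(mid) < 0 else (lo, mid)
    return (lo + hi) / 2

def lambda_measure(densities: List[float], lam: float) -> float:
    """Sugeno lambda-measure g(A) of the subset A with the given densities."""
    return sum(densities) if lam == 0.0 else \
        (math.prod(1 + lam * g for g in densities) - 1) / lam

def sugeno_integral(values: List[float], densities: List[float]) -> float:
    """max_i min(h(x_(i)), g(A_(i))), values sorted descending, A_(i) = top i."""
    lam = sugeno_lambda(densities)
    order = sorted(zip(values, densities), reverse=True)
    return max(min(v, lambda_measure([d for _, d in order[:i]], lam))
               for i, (v, _) in enumerate(order, start=1))

@functools.lru_cache(maxsize=None)
def assess(node: str) -> float:
    """Evaluate a criterion once (shared nodes cached); assess("risk") is the source."""
    if node in LEAF_VALUES:
        return LEAF_VALUES[node]
    return sugeno_integral([assess(c) for c, _ in CRITERIA[node]],
                           [d for _, d in CRITERIA[node]])
```

With the constructed values, `assess("risk")` comes out near 0.669: the measure of {impact, threat} is 0.7 + 0.12*lam with lam about -0.258, and that term dominates the max-min.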

Paper Citation


in Harvard Style

Muratkhan R., Kabenov D. and Satybaldina D. (2012). Ontology and Fuzzy Measures based System for Information Security Risk Assessment. In Proceedings of the 9th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2012) ISBN 978-989-8565-15-0, pages 77-84. DOI: 10.5220/0004097800770084


in Bibtex Style

@conference{wosis12,
author={Raihan Muratkhan and Dauren Kabenov and Dina Satybaldina},
title={Ontology and Fuzzy Measures based System for Information Security Risk Assessment},
booktitle={Proceedings of the 9th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2012)},
year={2012},
pages={77-84},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004097800770084},
isbn={978-989-8565-15-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 9th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2012)
TI - Ontology and Fuzzy Measures based System for Information Security Risk Assessment
SN - 978-989-8565-15-0
AU - Muratkhan R.
AU - Kabenov D.
AU - Satybaldina D.
PY - 2012
SP - 77
EP - 84
DO - 10.5220/0004097800770084