Security Threat Assessment of an Internet Security System Using Attack Tree and Vague Sets

Article English OPEN
Chang, Kuei-Hu (2014)
  • Publisher: Hindawi Publishing Corporation
  • Journal: The Scientific World Journal, volume 2014 (issn: 2356-6140, eissn: 1537-744X)
  • Related identifiers: pmc: PMC4227387, doi: 10.1155/2014/506714
  • Subject: Research Article | Science (General) | Q1-390 | Article Subject

Security threat assessment of Internet security systems has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of the bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, when the malfunction data of the system’s elementary events are incomplete, the traditional approach for calculating reliability is no longer applicable. Moreover, it does not consider the failure probability of the bottom events suffered in the attack, which may bias conclusions. To solve these problems effectively, this paper proposes a novel technique that integrates attack trees and vague sets for security threat assessment. To verify the proposed approach, a numerical example of a security threat assessment of an Internet security system is adopted in this paper. The result of the proposed method is compared with the listed security threat assessment approaches.