The Role of Weighted Entropy in Security Quantification

There is no doubt that an Information System faces various challenges every day, and security is only one of them. It takes a lot of planning and even more work to keep it up and running. Faulty wiring, hardware problems, overloading, new versions, and backups are just some of the possible failing factors. Yet the probability of their occurrence is almost impossible to predict. The aim of this paper is to study the "behavioral model" followed by the technical risk factors that affect the security level of an Information System, and to suggest possible failing points. We will attempt to incorporate a more practical approach, using real-life scenarios that have occurred in many corporations rather than "manufacturing" a theoretical approach that suits the needs of our findings. To this end we use data that are publicly available through open source databases. The proposed analysis of the collected data is performed using weighted entropy methodology. Finally, the output of this research is going to be used as an input to the proposed model of our research group for quantifying security using Stochastic Processes [1].

[1] Jon Kleinberg, et al. Authoritative sources in a hyperlinked environment, 1999, SODA '98.

[2] Bernhard Plattner, et al. Large-scale vulnerability analysis, 2006, LSAD '06.

[3] Sang Joon Kim, et al. A Mathematical Theory of Communication, 2006.

[4] J. Homer. A Sound and Practical Approach to Quantifying Security Risk in Enterprise Networks, 2009.

[5] Salvatore Orlando, et al. A new algorithm for gap constrained sequence mining, 2004, SAC '04.

[6] Yashwant K. Malaiya, et al. Security vulnerability categories in major software systems, 2006, Communication, Network, and Information Security.

[7] Paul Resnick, et al. Recommender systems, 1997, CACM.

[8] Paulo Gondim, et al. A framework for risk assessment of information technology in the corporate environment, 2007.

[9] Karen A. Scarfone, et al. A Complete Guide to the Common Vulnerability Scoring System Version 2.0 | NIST, 2007.

[10] Domonkos Tikk, et al. Scalable Collaborative Filtering Approaches for Large Recommender Systems, 2009, J. Mach. Learn. Res.

[11] Jaideep Srivastava, et al. Automatic personalization based on Web usage mining, 2000, CACM.

[12] Constantinos Patsakis, et al. Notice of Retraction: Towards a formalistic measuring of security using stochastic calculus, 2010, 2010 3rd International Conference on Computer Science and Information Technology.

[13] Mohammad Reza Meybodi, et al. An efficient algorithm for web recommendation systems, 2009, 2009 IEEE/ACS International Conference on Computer Systems and Applications.

[14] Ramakrishnan Srikant, et al. Fast Algorithms for Mining Association Rules in Large Databases, 1994, VLDB.

[15] Eyke Hüllermeier, et al. A systematic approach to the assessment of fuzzy association rules, 2006, Data Mining and Knowledge Discovery.