Artificial immunity-based model for information system security risk evaluation

An artificial immunity principle based model for information system security risk evaluation is proposed. Recognition of harmful antigen by immunocytes is simulated. Immature, mature and memory detectors are defined. Evolution process of the detector is derived with math method. The math model in which the detectors recognize threats is constructed. The intensity of a threat and the vulnerability in the information system are recognized. The quantitative computation equation of security risk is deduced through the threats and vulnerabilities. The theoretical analysis shows that the proposed model provides a new approach for the information system security risk evaluation in real-time and quantity.

[1]  Stephanie Forrest,et al.  Architecture for an Artificial Immune System , 2000, Evolutionary Computation.

[2]  Chen Yue Danger Theory Based Network Risk Evaluation Model , 2007 .

[3]  Song Chen A Real-Time Method of Risk Evaluation Based on ArtificialImmune System for Network Security , 2005 .

[4]  Tao Li,et al.  An immunity based network security risk estimation , 2005, Science in China Series F: Information Sciences.

[5]  Stephanie Forrest,et al.  Infect Recognize Destroy , 1996 .

[6]  Sheng-Yuan Wang,et al.  Survey of Information Security Risk Assessment , 2010, 2010 International Conference on Electrical and Control Engineering.

[7]  Alan S. Perelson,et al.  Self-nonself discrimination in a computer , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[8]  M. Bohanec,et al.  The Analytic Hierarchy Process , 2004 .

[9]  Stephanie Forrest,et al.  Immunity by design: an artificial immune system , 1999 .

[10]  Zhang Yu-qing Survey of information security risk assessment , 2004 .

[11]  Rodolphe Ortalo,et al.  Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security , 1999, IEEE Trans. Software Eng..