Improving risk assessment model of cyber security using fuzzy logic inference system

This paper describes the impacts of criminal activities based on the nature of the crime, the victim, and the basis (whether short-term or long-term) of the impacts of cybercrime on the Internet. Many countries now face numerous cyber threats, including DoS (and DDoS), malware, website defamation, spam and phishing email attacks. As these cybercrimes evolve, identifying and assessing security risk is crucial for accessing data from new technologies and for understanding how those technologies can be abused. Therefore, there is a need to develop a special cyber security risk assessment model to tackle these cyber threats. In this paper, we propose using a Fuzzy Inference Model (FIS) to produce a risk assessment result based on four risk factors (vulnerability, threat, likelihood and impact), in order to specify the range of risks that can threaten any entity and to try to solve such issues for the proposed entities. We have performed various analyses on these factors, and our evaluation results show the viability of our proposed approach.
