Information Security Risk Assessment Based on Information Measure and Fuzzy Clustering

To address the lack of training data and the difficulty of finding optimal values in information security risk assessment, this paper applies a new information measure method and fuzzy clustering to information security risk assessment. The new method quantifies the risk factors of all data and the degree of dependence of safety by computing mutual information. It then searches for optimal points in each degree of risk to serve as the initial center points of the K-means clustering algorithm, and uses K-means to classify the data. This method requires less computation, and it overcomes K-means's sensitivity to initial values as well as the nonlinearity and complexity of information security risk assessment. Experimental results show the effectiveness of our method.
