Security Threat Assessment of an Internet Security System Using Attack Tree and Vague Sets

Security threat assessment of Internet security systems has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of the bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, when the malfunction data of the system's elementary events are incomplete, the traditional approach for calculating reliability is no longer applicable. Moreover, it does not consider the failure probability of the bottom events suffered in the attack, which may bias conclusions. To solve these problems effectively, this paper proposes a novel technique that integrates attack trees and vague sets for security threat assessment. To verify the proposed approach, a numerical example of a security threat assessment of an Internet security system is adopted. The result of the proposed method is compared with existing security threat assessment methods.
