Assessment of E-Commerce security using AHP and evidential reasoning

In the development of E-Commerce, security has always been the core and key issue. In this paper, a new model is proposed to assist E-Commerce practitioners in the assessment of E-Commerce security. The proposed model is based on the Analytical Hierarchy Process (AHP) and the Dempster-Shafer (DS) theory of evidence. First, according to the characteristics of E-Commerce, a hierarchical structure of E-Commerce security is established, and AHP is used to calculate the weights of the relevant issues. Then the Dempster-Shafer theory of evidence is applied to combine all the issues, each regarded as a piece of evidence, in order to derive a consensus decision on the degree of E-Commerce security. An illustrative example is given to show the efficiency of our model.
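The two stages described in the abstract, as an added sketch that is not the paper's own code or data. Assumptions: a three-grade frame (low, medium, high), three unnamed security issues with constructed pairwise judgements and belief assignments, the row geometric-mean approximation for AHP weights, and Shafer discounting by weight relative to the largest weight as the way AHP weights enter the combination.

```python
from functools import reduce
from itertools import product
from math import prod

THETA = frozenset({"low", "medium", "high"})  # assumed frame of security grades

def ahp_weights(matrix):
    """Row geometric-mean approximation of the AHP priority vector."""
    gm = [prod(row) ** (1.0 / len(matrix)) for row in matrix]
    return [g / sum(gm) for g in gm]

def discount(bpa, alpha):
    """Shafer discounting: keep alpha of each mass, move the rest to THETA."""
    out = {s: alpha * m for s, m in bpa.items() if s != THETA}
    out[THETA] = 1.0 - alpha + alpha * bpa.get(THETA, 0.0)
    return out

def dempster(m1, m2):
    """Dempster's rule: mass goes to intersections, renormalised by 1 - K."""
    joint, conflict = {}, 0.0
    for (a, x), (b, y) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            joint[inter] = joint.get(inter, 0.0) + x * y
        else:
            conflict += x * y  # K: mass falling on the empty set
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: evidence cannot be combined")
    return {s: v / (1.0 - conflict) for s, v in joint.items()}

def assess(matrix, evidences):
    """AHP weights -> relative discounting -> Dempster combination."""
    weights = ahp_weights(matrix)
    top = max(weights)
    scaled = [discount(e, w / top) for e, w in zip(evidences, weights)]
    return weights, reduce(dempster, scaled)

# Constructed sample input: pairwise judgements and one BPA per issue.
H, M, L = (frozenset({g}) for g in ("high", "medium", "low"))
PAIRWISE = [[1, 2, 4], [1 / 2, 1, 2], [1 / 4, 1 / 2, 1]]
EVIDENCE = [
    {H: 0.6, M: 0.3, THETA: 0.1},
    {H: 0.4, M: 0.4, THETA: 0.2},
    {L: 0.8, THETA: 0.2},
]

if __name__ == "__main__":
    w, fused = assess(PAIRWISE, EVIDENCE)
    print(w, {"/".join(sorted(s)): round(v, 4) for s, v in fused.items()})
```

The least important issue argues strongly for "low", but after discounting it shifts the fused result only slightly; the mass left on the whole frame is the residual uncertainty of the assessment.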
