ScientificWorldJournal. 2014:2014:506714.
doi: 10.1155/2014/506714. Epub 2014 Oct 21.

Security threat assessment of an Internet security system using attack tree and vague sets

Kuei-Hu Chang. ScientificWorldJournal. 2014.

Abstract

Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, when the malfunction data of the system's elementary events are incomplete, the traditional approach for calculating reliability is no longer applicable. Moreover, it does not consider the failure probability of the bottom events suffered in the attack, which may bias conclusions. To solve this problem effectively, this paper proposes a novel technique that integrates attack trees and vague sets for security threat assessment. To verify the proposed approach, a numerical example of an Internet security system security threat assessment is adopted in this paper. The result of the proposed method is compared with the listing approaches of security threat assessment methods.

Figures

Figure 1. Top causes of data breaches [4].
Figure 2. “AND” node and “OR” node.
Figure 3. Vague set explanation of a real number R.
Figure 4. Triangle vague sets A and B.
Figure 5. Attack tree of the Internet security system.
Figure 6. Parallel and series relationship of an attack tree diagram of the Internet security system.
Figure 7. Membership function for top event of Internet security system failure.

References

    1. Tidwell T., Larson R., Fitch K., Hale J. Modeling internet attacks. Proceedings of the IEEE Workshop on Information Assurance and Security; 2001; United States Military Academy; pp. 54–59.
    2. Dhillon G., Torkzadeh G. Value-focused assessment of information system security in organizations. Information Systems Journal. 2006;16(3):293–314. doi: 10.1111/j.1365-2575.2006.00219.x.
    3. Satoh N., Kumamoto H., Kino Y. Viewpoint of ISO GMITS and probabilistic risk assessment in information security. International Journal of Systems Applications, Engineering and Development. 2008;2(4):237–244.
    4. Symantec Corporation. Full report: internet security threat report. vol. 18, 2013.
    5. Opdahl A. L., Sindre G. Experimental comparison of attack trees and misuse cases for security threat identification. Information and Software Technology. 2009;51(5):916–932. doi: 10.1016/j.infsof.2008.05.013.