INFORMATION SECURITY ASSESSMENT BASED ON MACHINE LEARNING TECHNOLOGY-FUZZY-GRA-AHP

With the advent of the information age, information security has become an urgent problem to be solved. Various application and platforms have not only brought convenience to people, but also brought hidden dangers - information security risks. This paper uses some of the machine learning technology - fuzzy computing and gray relation analysis (GRA), to analyze data of the three major video platforms of China, and takes the information security level as a new criterion to conduct the evaluation of their performance. An assessment model is constructed based on machine learning technology, namely the combination of fuzzy computing and GRA and analytic hierarchy process (AHP). Conclusions can be drawn as follows. First, consumers’ perception of video platform information security level is constantly being strengthened. Second, information security risks are affecting consumers' choice decisions about video platforms, and the weights will continue to increase. Third, video platforms are paying more attention to information security construction.

Download Full-text

Phát triển Framework ứng dụng AI hỗ trợ tự động khai thác lỗ hổng bảo mật

Journal of Science and Technology on Information security ◽

10.54654/isj.v1i13.234 ◽

2022 ◽

Vol 1 (13) ◽

pp. 80-92

Author(s):

Nguyễn Mạnh Thiên ◽

Phạm Đăng Khoa ◽

Nguyễn Đức Vượng ◽

Nguyễn Việt Hùng

Keyword(s):

Information System ◽

Reinforcement Learning ◽

Information Security ◽

Vulnerability Assessment ◽

Large Scale ◽

Learning Technology ◽

Security Assessment ◽

Security Vulnerability ◽

Different Levels

Tóm tắt—Hiện nay, nhiệm vụ đánh giá an toàn thông tin cho các hệ thống thông tin có ý nghĩa quan trọng trong đảm bảo an toàn thông tin. Đánh giá/khai thác lỗ hổng bảo mật cần được thực hiện thường xuyên và ở nhiều cấp độ khác nhau đối với các hệ thống thông tin. Tuy nhiên, nhiệm vụ này đang gặp nhiều khó khăn trong triển khai diện rộng do thiếu hụt đội ngũ chuyên gia kiểm thử chất lượng ở các cấp độ khác nhau. Trong khuôn khổ bài báo này, chúng tôi trình bày nghiên cứu phát triển Framework có khả năng tự động trinh sát thông tin và tự động lựa chọn các mã để tiến hành khai thác mục tiêu dựa trên công nghệ học tăng cường (Reinforcement Learning). Bên cạnh đó Framework còn có khả năng cập nhật nhanh các phương pháp khai thác lỗ hổng bảo mật mới, hỗ trợ tốt cho các cán bộ phụ trách hệ thống thông tin nhưng không phải là chuyên gia bảo mật có thể tự động đánh giá hệ thống của mình, nhằm giảm thiểu nguy cơ từ các cuộc tấn công mạng. Abstract—Currently, security assessment is one of the most important proplem in information security. Vulnerability assessment/exploitation should be performed regularly with different levels of complexity for each information system. However, this task is facing many difficulties in large-scale deployment due to the lack of experienced testing experts. In this paper, we proposed a Framework that can automatically gather information and automatically select suitable module to exploit the target based on reinforcement learning technology. Furthermore, our framework has intergrated many scanning tools, exploited tools that help pentesters doing their work. It also can be easily updated new vulnerabilities exploit techniques.

Download Full-text

Development of an E-Healthcare Information Security Risk Assessment Method

Journal of Database Management ◽

10.4018/jdm.2013010103 ◽

2013 ◽

Vol 24 (1) ◽

pp. 36-57 ◽

Cited By ~ 6

Author(s):

June Wei ◽

Binshan Lin ◽

Meiga Loho-Noya

Keyword(s):

Risk Factors ◽

Information Security ◽

Information Flow ◽

Assessment Method ◽

Assessment Model ◽

Risk Level ◽

Security Risk ◽

Security Risks ◽

Healthcare Information ◽

Information Security Risk

This paper developed a method to assess information security risks in e-healthcare. Specifically, it first developed a static E-Healthcare Information Security Risk (EHISR) model to present thirty-three security risk factors by identifying information security threats and their sources in e-healthcare. Second, a dynamic E-Healthcare Information Flow (EHIF) model was developed to logically link these information risk factors in the EHISR model. Pattern analysis showed that information security risks could be classified into two levels, and versatility analysis showed that the overall security risks for eight information flows were close with a range from 55% to 86%. Third, one quantifiable approach based on a relative-weighted assessment model was developed to demonstrate how to assess the information security risks in e-healthcare. This quantitative security risk measurement establishes a reference point for assessing e-healthcare security risks and assists managers in selecting a reliable information flow infrastructure with a lower security risk level.

Download Full-text

Digitalization Security as a Marker of Modern Mechanical Engineering Technology Implementation in the Context of Ensuring Strategic Economic Security of Enterprises

WSEAS TRANSACTIONS ON BUSINESS AND ECONOMICS ◽

10.37394/23207.2021.18.13 ◽

2021 ◽

Vol 18 ◽

pp. 117-125

Author(s):

Ievgeniia Mishchuk ◽

Svitlana Rebrova ◽

Petro Krush ◽

Dmytro Zinchenko ◽

Kateryna Astafieva

Keyword(s):

Information Security ◽

Technology Implementation ◽

Economic Security ◽

Machine Building ◽

Security Level ◽

Security Assessment ◽

Engineering Technology ◽

Economic Information ◽

High Level ◽

The Impact

The article demonstrates the impact of digitalization security on implementation of modernengineering technologies, substantiates their connections with provision of the strategic economic security of anenterprise, presents enhanced methods of assessing the current economic-information security of an enterprise’sinterests. The developed methods of digitalization security assessment have been tested at machine buildingenterprises of Ukraine. The security level has proved to be medium or low at most enterprises under study. Thework substantiates that absence of the systematic personnel policy aimed at personnel’s acquiring competences4.0, deficit of financing technologies 4.0 implementation, a low level of IT capital make it impossible to ensurea high level of strategic economic security at Ukraine’s machine building enterprises.

Download Full-text

Toward to Information Security of AI-Enhanced Weapons

Voprosy kiberbezopasnosti ◽

10.21681/2311-3456-2021-5-5-11 ◽

2021 ◽

pp. 5-11

Author(s):

Vadim Gribunin ◽

◽

Sergey Kondakov ◽

Keyword(s):

Machine Learning ◽

Information Security ◽

System Analysis ◽

Learning Technologies ◽

Point Of View ◽

Learning Systems ◽

Security Assessment ◽

Military Equipment ◽

The Us ◽

Article Analysis

Purpose of the article: Analysis of intellectualized weapons using machine learning from the point of view of information security. Development of proposals for the deployment of work in the field of information security in similar products. Research method: System analysis of machine learning systems as objects of protection. Determination on the basis of the analysis of rational priority directions for improving these systems in terms of ensuring information security. Obtained result: New threats to information security arising from the use of weapons and military equipment with elements of artificial intelligence are presented. Machine learning systems are considered by the authors as an object of protection, which made it possible to determine the protected assets of such systems, their vulnerabilities, threats and possible attacks on them. The article analyzes the measures to neutralize the identified threats based on the taxonomy proposed by the US National Institute of Standards and Technology. The insufficiency of the existing regulatory methodological framework in the field of information protection to ensure the security of machine learning systems has been determined. An approach is proposed that should be used in the development and security assessment of systems using machine learning. Proposals for the deployment of work in the field of ensuring the security of intelligent weapons using machine learning technologies are presented.

Download Full-text

A Web based Information Security Risks Assessment Model

Journal of Internet Technology and Secured Transaction ◽

10.20533/jitst.2046.3723.2015.0050 ◽

2015 ◽

Vol 4 (3) ◽

pp. 396-404

Author(s):

B. K. Alese ◽

O. Oyebade ◽

O. Iyare ◽

Osuolale A. Festus ◽

A. F. Thompson

Keyword(s):

Information Security ◽

Assessment Model ◽

Security Risks ◽

Web Based ◽

Risks Assessment

Download Full-text

Evaluation of information security risks using hybrid assessment model

The 9th International Conference for Internet Technology and Secured Transactions (ICITST-2014) ◽

10.1109/icitst.2014.7038843 ◽

2014 ◽

Cited By ~ 3

Author(s):

B. K. Alese ◽

O. Oyebade ◽

Osuolale A. Festus ◽

O. Iyare ◽

A. F. Thompson

Keyword(s):

Information Security ◽

Assessment Model ◽

Security Risks

Download Full-text

DEVELOPMENT OF METHODOLOGICAL BASES FOR INFORMATION SECURITY ASSESSMENT AND DIAGNOSTICS OF AGRO-FOOD ENTERPRISES

Ukrainian Journal of Applied Economics ◽

10.36887/2415-8453-2019-3-21 ◽

2019 ◽

Vol 4 (3) ◽

pp. 188-197

Author(s):

Dmytro DIACHKOV

Keyword(s):

Information Security ◽

Practical Importance ◽

Economic Indicators ◽

Qualitative Assessment ◽

Estimation Methods ◽

Security Level ◽

Security Assessment ◽

Enterprise Information ◽

Agricultural Enterprises ◽

The Impact

Introduction. The purpose of the article was to develop methodological foundations for assessing and diagnosing the information security of agricultural enterprises. Methods of research. The tasks of the article were solved by means of general and special methods of research: analysis and synthesis, systematization and generalization, method of grouping, dialectical approach. Results. The ways and methods of the information security assessment of the enterprise were defined and characterized. Among them are: standard-based assessment, risk-oriented assessment and economic indicators. Much of the methodology for assessing the level of an enterprise information security, agrarian enterprise in particular, were based on the identification of information risks based on US and British methods CRAMM, FRAP, OCTAVE, NIST, MSAT, COBRA and Russian GRIF 2006 methodology. Originality. It was proved that for methodological bases development of estimation and diagnostics of enterprise information security level it is expedient to use advantages of estimation methods by standard, at risk of information system and using group and private indicators of economic component of information security estimation. Practical importance. The concept of the methodology development for economic assessment and information security diagnostics of agri-food enterprises was proposed, which takes into account the advantages of the considered diagnostics and assessment methods of the information security level of agricultural enterprises, offers a quantitative and qualitative assessment of its components, determines the impact of integrated indexes on the performance indicators and safety of subjects agricultural business, and, as a result, offer effective ways to optimize the management of information security companies in agri-food sector. The main scientific provisions of the article can be used in the practice of agricultural enterprises. Keywords: concept, economic indicators of assessment, enterprise of agro-food sphere, management of information security, methodology, methods of assessment of information security, risk-oriented approach, standard.

Download Full-text

An Approach for Security Assessment of Transmission Grid Concerning the Influence of Indices Balance

Key Engineering Materials ◽

10.4028/www.scientific.net/kem.467-469.1175 ◽

2011 ◽

Vol 467-469 ◽

pp. 1175-1181

Author(s):

An Jia Mao ◽

Jin He

Keyword(s):

Power System ◽

Comprehensive Evaluation ◽

Level Structure ◽

Evaluation Process ◽

Assessment Method ◽

Comprehensive Assessment ◽

Assessment Model ◽

Security Level ◽

Security Assessment ◽

Transmission Grid

Modern power system has been gradually developed into a complex system with the features of multi-level structure, multi-time scale, a variety of control parameters, wide-area, open, uncertainties, non-autonomous and it is difficult to indicate the security level of power system by a single index. Therefore, power system security assessment based on theory of comprehensive assessment is developed rapidly in recent years. However, traditional comprehensive assessment method considers few about the balance of the indices, when there are great differences between the value of the indices, it is easy to take place the phenomenon that the small indices has been “submerged”, which will influence the rationality of the comprehensive evaluation result. In this paper, a comprehensive assessment model which considers the influence of the index balance is established. By introducing the balance coefficient, the model can amend the original judgment matrix and the weight obtained by traditional AHP method. Since the coordinated and balanced situation of the indices have been reflected in the evaluation process, the results of the assessment model proposed in this paper has more scientific nature and more credibility. Finally, an example is provided to validate the model in this paper.

Download Full-text

MULTI-LEVEL ARCHITECTURE OF KNOWLEDGE MANAGEMENT SYSTEM TO IMPROVE INFORMATION SECURITY LEVEL

Interexpo GEO-Siberia ◽

10.33764/2618-981x-2021-6-194-200 ◽

2021 ◽

Vol 6 ◽

pp. 194-200

Author(s):

Amyrtaa K. Mongush ◽

Igor N. Karmanov

Keyword(s):

Decision Making ◽

Knowledge Management ◽

Information Security ◽

Management System ◽

Knowledge Exchange ◽

Knowledge Management System ◽

Security Level ◽

Security Risks ◽

Multi Level ◽

Individual Information

Information security is a major concern because security risks can greatly affect the assets of an organization. To increase the level of information security, it is proposed to use a knowledge management system with a multi-level architecture in order to improve knowledge exchange and facilitate decision-making, as well as reduce dependence on individual information security experts.

Download Full-text

Enterprise Risk Assessment Based on Machine Learning

Computational Intelligence and Neuroscience ◽

10.1155/2021/6049195 ◽

2021 ◽

Vol 2021 ◽

pp. 1-6

Author(s):

Boning Huang ◽

Junkang Wei ◽

Yuhong Tang ◽

Chang Liu

Keyword(s):

Machine Learning ◽

Risk Assessment ◽

Learning Algorithms ◽

Machine Learning Algorithms ◽

Assessment Model ◽

Support Vector ◽

Learning Technology ◽

Risk Assessment Model ◽

Enterprise Risk ◽

Specific Implementation

Scientific risk assessment is an important guarantee for the healthy development of an enterprise. With the continuous development and maturity of machine learning technology, it has played an important role in the field of data prediction and risk assessment. This paper conducts research on the application of machine learning technology in enterprise risk assessment. According to the existing literature, this paper uses three machine learning algorithms, i.e., random forest (RF), support vector machine (SVM), and AdaBoost, to evaluate enterprise risk. In the specific implementation, the enterprise’s risk assessment indexes are first established, which comprehensively describe the various risks faced by the enterprise through a number of parameters. Then, the three types of machine learning algorithms are trained based on historical data to build a risk assessment model. Finally, for a set of risk indicators obtained under current conditions, the risk index is output through the risk assessment model. In the experiment, some actual data are used to analyze and verify the method, and the results show that the proposed three types of machine learning algorithms can effectively evaluate enterprise risks.

Download Full-text