
Building hybrid Fuzzy system for Risk Management of Information Systems Security

2016
:



.







.

:



:
)1


.
)2


.

)3
.
)4



.
)5

.

:


:
)1

.
)2
.
)3 .
)4
.NSL-KDD Data Set

.







NSL-KDD Data Set
.

.

:


.4

4




NSL-KDD Data Set
.

:
:


:
.1 " 2014
" .4


NSL-KDD Data Set
C4.5 C4.5

.% 81.53
.2 " 2013
"NSL-KDD .
) (NIDS
PCA .
.NSL-KDD
PCA

NSL-KDD
.% 92.69
.3 "2013
"
.




.

.
.
.4 2013
.




.


.
.5 "2008
" 16 2.


.


.
.

:
1- Chen F, 2015, "An Investigation and Evaluation of Risk Assessment Methods in
Information systems", Master Of Science Thesis at Computer Science and Engineering
Department, Chalmers University of Technology, Goteborg, Sweden.
" "

ISO 27k NIST SP 800
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE),
Consultative Objective and Bi-functional Risk Analysis(COBRA), Cost-of-Risk Analysis (CORA),
Delphi )Analytical Hierarchy Process (AHP
) Event tree analysis (ETA

.


. (AI) Artificial Intelligence
.
ISO 27 k
.
2- Dilek S, et al, 2015, "Applications Of Artificial Intelligence Techniques To Combating
Cyber Crimes: A Review", International Journal of Artificial Intelligence & Applications
(IJAIA), Vol. 6, No. 1.
" :"



.





.
3- Lee Z, Chang L, 2014, "Apply Fuzzy Decision Tree to Information Security Risk
Assessment", International Journal of Fuzzy Systems, Vol. 16, No. 2.
" "




155
22 ISO / IEC
27001 ISO / IEC 27005: 2008
BPN ) Fuzzy c-means (FCM
( Support vector machine (SVM

.% 96.8

.
4- Kumbhar S, 2014, "An Overview on Use of Artificial Intelligence Techniques in
Effective Security Management", International Journal of Innovative Research in Computer
and Communication Engineering, Vol. 2, Issue 9.
" "



:
.
.
.
.

.


.
5- Subrahmanyam K, et al, 2014, "Information Security and Risk Management for
Banking System", International Journal of Computer Trends and Technology (IJCTT),
volume 10, number 3.
" "


.


. .



.
.
FCM

.
6. Kiran K, et al, 2013, "A Novel Risk Analysis and Mitigation Method In Distributed
Banking System", International Journal of Advances in Engineering & Technology, Vol. 6, pp.
1593-1602.
" "




.
.

.
7. Syamsuddin I, Hwang J, 2010, "A New Fuzzy MCDM Framework to Evaluate
E-Government Security Strategy", IEEE.
" "




( )

( triad
Confidentiality Integrity )Availability



.
8. Aburrous M, et al, 2009, "Modelling Intelligent Phishing Detection System for
e-Banking using Fuzzy Data Mining", International Conference on CyberWorlds, IEEE.
" "




.


( URL
)


.

:



.



.




. .


ISO



NISTISO





[Figure: plots with both axes running from 0 to 1 (x-axis ticks at 0, 0.25, 0.5, 0.75, 1); captions and labels not recoverable.]
:


:
.1
.2
.3
.4
.5
.6
.7
:
:
1-1
2-1 ( )
3-1
4-1
5-1
: .

1-2
3-2
4-2
5-2
1-5-2 :
2-5-2 :
3-5-2 :
4-5-2 :
6-2
:
:
1-1
2-1 .
3-1
4-1
4-1
5-1
6-1
:
1-2 FAHP
2-2 Changs
3-2 FAHP Changs
:
1-3
2-3
3-3
4-3
:
1-4
2-4
3-4
4-4
:
1 -1 4
1-1-1 :
2-1-1 :
3-1-1 :
4-1-1 :
2-1
1-2-1 NSL-KDD
2-2-1



:
- 2011 .1

. ISO 27002"
:
" 2013 .1
. "NSL-KDD
" 2008 .2
. 2 16 "
2013 .3
.
" 2014 .4
.4 "

" 2013 .5
"
.
English References
Books:
1. International Standard Organization, ISO/IEC 27005, 2008, Information technology
Security techniques -Security Risk Management.
2. National Institute of Standards and Technology, 2015, "Privacy Risk Management for
Federal Information Systems", National Institute of Standards and Technology Internal Report
8062.
3. National Institute of Standards and Technology, 2014, "Supply Chain Risk
Management Practices for Federal Information Systems and Organizations", (Second
Draft) NIST Special Publication 800-161.
4. National Institute of Standards and Technology, 2011, Managing Information
Security Risk Organization, Mission, and Information System View, Special Publication
800-39.
5. National Institute of Standards and Technology, 2002, Risk Management Guide for
Information Technology Systems, NIST Special Publication 54 pages.
6. National Institute of Standards and Technology, 2012, Guide for Conducting Risk
Assessments, NIST Special Publication.
7. National Institute of Standards and Technology, 2013, Glossary of Key Information
Security Terms, NIST IR 7298 Revision 2.
8. Sivanandam, Sumathi, Deepa, 2007, Introduction to Fuzzy Logic using MATLAB,
Springer.
9. Timothy, Ross. J, 2010, Fuzzy logic with engineering applications, Third Edition, A
John Wiley and Sons.
10. Wayne Jansen, 2009, Directions in Security Metrics Research, National Institute of
Standards and Technology (NIST).
Researches and Studies:
1. Aburrous M, et al, 2009, "Modelling Intelligent Phishing Detection System for
e-Banking using Fuzzy Data Mining", International Conference on CyberWorlds, IEEE.

2. AMANCEI C, 2011, Practical Methods for Information Security Risk Management,
Information Economical vol. 15
3. Dilek S, et al, 2015, "Applications Of Artificial Intelligence Techniques To Combating
Cyber Crimes: A Review", International Journal of Artificial Intelligence & Applications
(IJAIA), Vol. 6, No. 1.
4. Kiran K, et al, 2013, "A Novel Risk Analysis and Mitigation Method In Distributed
Banking System", International Journal of Advances in Engineering & Technology, Vol. 6, pp.
1593-1602.
5. Kumbhar S, 2014, "An Overview on Use of Artificial Intelligence Techniques in
Effective Security Management", International Journal of Innovative Research in Computer
and Communication Engineering, Vol. 2, Issue 9.
6. Lee Z, Chang L, 2014, "Apply Fuzzy Decision Tree to Information Security Risk
Assessment", International Journal of Fuzzy Systems, Vol. 16, No. 2.
7. Ming Ch, February 2014, Information Security Risk Analysis Methods and Research
Trends: AHP and Fuzzy Comprehensive Method, International Journal of Computer
Science & Information Technology (IJCSIT) Vol 6, No1.
8. Pandey S, Mustafa K, 2012, "A Comparative Study of Risk Assessment Methodologies
for Information Systems", Bulletin of Electrical Engineering and Informatics, Vol. 1, No. 2, pp.
111-122.
9. Shajari Sh, et al, 2012, Fuzzy Multi-Criteria Decision-Making for Information
Security Risk Assessment, The Open Cybernetics & Systematics Journal, vol.6.
10. Subrahmanyam K, et al, 2014, "Information Security and Risk Management for
Banking System", International Journal of Computer Trends and Technology (IJCTT), volume
10, number 3.
11. Syamsuddin I, Hwang J, 2010, "A New Fuzzy MCDM Framework to Evaluate
E-Government Security Strategy", IEEE.
12. Web Application Security Project 2013 OWASP Top 10-2013 the Ten Most
Critical Web Application Security Risks.
Dissertations:
1. JAYAWARDANA B., 2011, Information Security Challenges In Relation To
Enterprise Security Policies in The Financial Sector in SRI LANKA Masters In
Information Systems Management, University of Colombo.
2. Chen F, 2015, "An Investigation and Evaluation of Risk Assessment Methods in
Information systems", Master Of Science Thesis at Computer Science and Engineering
Department, Chalmers University of Technology, Goteborg, Sweden.
3. Van J, 2012, "Multi-criteria decision model inference and application in information
security risk classification", Master Thesis of Computational Economics, Erasmus School of
Economics, Erasmus University Rotterdam.

