INVESTIGATION OF THE METHOD OF EVALUATING THE EFFECTIVENESS OF THE INFORMATION SECURITY SYSTEM BASED ON FUZZY INFERENCE

Authors

DOI:

https://doi.org/10.37943/13DZEV3953

Keywords:

information security, audit, fuzzy modeling, cybersecurity, penetration testing

Abstract

As organizations increasingly rely on digital technology to operate, protecting their information and data has become a critical concern. Information security systems are designed to safeguard digital assets against unauthorized access, use, disclosure, disruption, modification, or destruction. However, evaluating the effectiveness of an information security system can be challenging due to the complexity of the system and the diversity of threats it faces. In recent years, researchers have proposed using fuzzy inference to evaluate the effectiveness of information security systems. Fuzzy inference is a mathematical approach that can handle uncertain and imprecise information, making it well-suited for evaluating the effectiveness of information security systems. This research aims to develop a method for evaluating the effectiveness of an information security system based on fuzzy inference. The proposed method uses a set of performance indicators to measure the effectiveness of the system, such as the number of security incidents detected, the response time to security incidents, and the number of false positives and false negatives [1]. These indicators are then combined using fuzzy inference to generate an overall effectiveness score for the system. The proposed method will be evaluated using a real-world case study of an information security system deployed in an organization. The effectiveness score generated by the fuzzy inference method will be compared to the results obtained using traditional evaluation methods, such as the cost-benefit analysis or the return-on-investment analysis. The results of the study will demonstrate the effectiveness and usefulness of the proposed method for evaluating information security systems.
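A minimal sketch of the indicator-combining step described in the abstract, added here as an illustration and not the authors' code. It uses zero-order Sugeno-style inference; the membership functions, rule base, output scores and all function names are assumptions, since the page does not give the paper's own.

```python
def tri(x, a, b, c):
    """Triangular membership; a == b or b == c makes a shoulder."""
    if x <= a:
        return 1.0 if a == b else 0.0
    if x >= c:
        return 1.0 if b == c else 0.0
    return (x - a) / (b - a) if x <= b else (c - x) / (c - b)

# Assumed fuzzy sets (a, b, c) per indicator; not taken from the paper.
SETS = {
    "detect":   {"low": (0.0, 0.0, 0.6), "high": (0.4, 1.0, 1.0)},  # share of incidents detected
    "response": {"fast": (0, 0, 60),     "slow": (30, 240, 240)},   # minutes to respond
    "fp":       {"low": (0.0, 0.0, 0.3), "high": (0.1, 0.5, 0.5)},  # share of alerts that are false
}

# Assumed rule base: IF all antecedents THEN effectiveness score (0-100).
RULES = [
    ({"detect": "high", "response": "fast", "fp": "low"}, 95),
    ({"detect": "high", "response": "fast", "fp": "high"}, 65),
    ({"detect": "high", "response": "slow"}, 50),
    ({"detect": "low", "response": "fast"}, 35),
    ({"detect": "low", "response": "slow"}, 10),
]

def indicators_from_counts(detected, missed, false_alerts, total_alerts, response_min):
    """Turn raw counts (missed = false negatives) into the three indicators."""
    return {
        "detect": detected / (detected + missed),
        "response": response_min,
        "fp": false_alerts / total_alerts,
    }

def effectiveness(ind):
    """Fuzzify, fire each rule with min (AND), defuzzify by weighted average."""
    mu = {v: {lab: tri(ind[v], *abc) for lab, abc in sets.items()}
          for v, sets in SETS.items()}
    num = den = 0.0
    for antecedent, score in RULES:
        strength = min(mu[v][lab] for v, lab in antecedent.items())
        num += strength * score
        den += strength
    if den == 0.0:
        raise ValueError("no rule fired for this input")
    return num / den

if __name__ == "__main__":
    good = indicators_from_counts(95, 5, 10, 200, response_min=10)  # constructed sample
    print(round(effectiveness(good), 1))
```

Inputs that fall between sets fire several rules at once, so the score moves smoothly between the rule outputs instead of jumping at a threshold.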

Author Biographies

Aasso Ziro, Al-Farabi Kazakh National University

3rd year PhD student, Faculty of IT

Sergiy Gnatyuk, National Aviation University

Doctor of Technical Sciences, Professor, Deputy Dean of the Faculty of Cybersecurity, Computer and Software Engineering

Shara Toibayeva, Almaty University of Power Engineering and Telecommunications (AUPET) named after G. Daukeev

PhD, Department of Automation and Control

References

Gnatyuk, S. (2016). Critical aviation information systems cybersecurity. NATO Science for Peace and Security. IOS Press Ebooks, 47(3), 308-316.

Aibekova, A., & Selvarajah, V. (2022, April). Offensive Security: Study on Penetration Testing Attacks, Methods, and their Types. In 2022 IEEE International Conference on Distributed Computing and Electrical Circuits and Electronics (ICDCECE) (pp. 1-9). IEEE. https://doi.org/10.1109/ICDCECE53908.2022.9792772

Slunjski, M., Sumina, D., Groš, S., & Erceg, I. (2022). Off-the-Shelf Solutions as Potential Cyber Threats to Industrial Environments and Simple-To-Implement Protection Methodology. IEEE Access, 10, 114735-114748. https://doi.org/10.1109/ACCESS.2022.3217797

Almubairik, N.A., & Wills, G. (2016, December). Automated penetration testing based on a threat model. In 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST) (pp. 413-414). IEEE. https://doi.org/10.1109/ICITST.2016.7856742

National Institute of Standards and Technology Special Publication. (Sep. 2008). Natl. Inst. Stand. Technol. Spec. Publ, 800-115, 80.

Goel, S., & Chen, V. (2005). Information security risk assessment – a matrix-based approach. University at Albany, SUNY.

Xu, Y., Yang, Y., Li, T., Ju, J., & Wang, Q. (2017, November). Review on cyber vulnerabilities of communication protocols in industrial control systems. In 2017 IEEE Conference on Energy Internet and Energy System Integration (EI2) (pp. 1-6). IEEE. https://doi.org/10.1109/EI2.2017.8245509

Svalin, K., Mellgren, C., Levander, M.T., & Levander, S. (2018). Police employees’ violence risk assessments: The predictive validity of the B-SAFER and the significance of protective actions. International journal of law and psychiatry, 56, 71–79. https://doi.org/10.1016/j.ijlp.2017.09.001

Wei, W.A.N.G., Chenhong, X.I.A., Donghui, M.A., & Jingyu, S.U. (2019). Multi-hazard comprehensive risk assessment based on coupling incentive mechanism. China Safety Science Journal, 29(3), 161–167. https://doi.org/10.16265/j.cnki.issn1003-3033.2019.03.027

Yang, B. (2019). Dynamic risk identification safety model based on fuzzy support vector machine and immune optimization algorithm. Safety science, 118, 205-211. https://doi.org/10.1016/j.ssci.2019.05.022

Xu, J., Du, X., Cai, W., Zhu, C., & Chen, Y. (2019). MeURep: A novel user reputation calculation approach in personalized cloud services. PloS one, 14(6), e0217933. https://doi.org/10.1371/journal.pone.0217933

Lu, Y., Fang, Y., & Qin, J. (2019, October). A trust assessment model based on recommendation and dynamic self-adaptive in cloud service. In Journal of Physics: Conference Series (Vol. 1325, No. 1, p. 012007). IOP Publishing. https://doi.org/10.1088/1742-6596/1325/1/012007

Huang, C., He, L., Liao, X., Dai, H., & Ji, M. (2016). Developing a trustworthy computing framework for clouds. International Journal of Embedded Systems, 8(1), 59-68. https://doi.org/10.1504/IJES.2016.073753

Kurdi, H., Alfaries, A., Al-Anazi, A., Alkharji, S., Addegaither, M., Altoaimy, L., & Ahmed, S. H. (2019). A lightweight trust management algorithm based on subjective logic for interconnected cloud computing environments. The Journal of Supercomputing, 75, 3534-3554. https://doi.org/10.1007/s11227-018-2669-y

Topaloğlu, F., & Pehlıvan, H. (2018, March). Comparison of Mamdani type and Sugeno type fuzzy inference systems in wind power plant installations. In 2018 6th international symposium on digital forensic and security (ISDFS) (pp. 1-4). IEEE. https://doi.org/10.1109/ISDFS.2018.8355384

Hamdaouy, A.E., Salhi, I., Belattar, A., & Doubabi, S. (2017). Takagi–Sugeno fuzzy modeling for three-phase micro hydropower plant prototype. International Journal of Hydrogen Energy, 42(28), 17782-17792. https://doi.org/10.1016/j.ijhydene.2017.02.167

Ebrahimnejad, A., & Verdegay, J.L. (2018). Fuzzy sets-based methods and techniques for modern analytics (Vol. 364). Cham: Springer. https://doi.org/10.1007/978-3-319-73903-8

Vimercati, S.D.C., Foresti, S., Livraga, G., Piuri, V., & Samarati, P. (2019). A fuzzy-based brokering service for cloud plan selection. IEEE Systems Journal, 13(4), 4101-4109. https://doi.org/10.1109/JSYST.2019.2893212

Shumsky, A.A., & Shelupanov, A.A. (2005). Sistemny analiz v zashchite informatsii [System Analysis in Information Security]. Moscow, Gelios ARV Publ.

Published

2023-03-30

How to Cite

Ziro, A., Gnatyuk, S., & Toibayeva, S. (2023). INVESTIGATION OF THE METHOD OF EVALUATING THE EFFECTIVENESS OF THE INFORMATION SECURITY SYSTEM BASED ON FUZZY INFERENCE. Scientific Journal of Astana IT University, 13(13), 52–63. https://doi.org/10.37943/13DZEV3953

Section

Articles