Skip to main content

2018 | Supplement | Buchkapitel

13. Evaluation of the Dynamic Cybersecurity Risk Using the Entropy Weight Method

verfasst von : T. Hamid, D. Al-Jumeily, J. Mustafina

Erschienen in: Technology for Smart Futures

Verlag: Springer International Publishing

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

The risk assessment of any network or security systems has a high level of uncertainties because usually probability and statistics were used to evaluate the security of different cybersecurity systems. In this book chapter, we will use Shannon entropy to represent the uncertainty of information utilised to calculate systems risk and entropy weight method since the weight of the object index is normally used and points to the significant components of the index. We evaluate the risk of security systems in terms of different vulnerabilities and protections existing in each host. A new methodology was developed to present an attack graph with a dynamic cost metric based on a Dynamic Vulnerability Scoring System (DVSS), and also a novel methodology to estimate and represent the cost-centric approach for each host’s states was followed up.
A framework is carried out on a test network, using Shannon entropy with the Nessus scanner to detect known vulnerabilities, to implement these results and to build and represent the dynamic cost-centric attack graph. We used the results to represent possible risks as a matrix. At the next stage, the proposed risk’s matrix was normalised to calculate the entropy and the entropy weight. Finally, the weight and the path will be used to evaluate and calculate the total risk in the system and suggest to the system administrator a clear guidance on the vulnerable security entities. We try to develop a novel approach to suggest the cybersecurity approach that is suitable for the majority of cyber systems by introducing the term security entities.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Literatur
2.
Zurück zum Zitat Hicks, C., McGovern, T., & Earl, C. F. (2000). Supply chain management: A strategic issue in engineer to order manufacturing. International Journal of Production Economics, 65, 179–190.CrossRef Hicks, C., McGovern, T., & Earl, C. F. (2000). Supply chain management: A strategic issue in engineer to order manufacturing. International Journal of Production Economics, 65, 179–190.CrossRef
3.
Zurück zum Zitat Smith, C.L. (2004). The development of a security systems research and test laboratory at University. Proceedings of IEEE International Carnahan Conference on Security Technology, pp. 111–115. Smith, C.L. (2004). The development of a security systems research and test laboratory at University. Proceedings of IEEE International Carnahan Conference on Security Technology, pp. 111–115.
4.
Zurück zum Zitat Dai, J. J., Hu, H. M., & Cai, Q. (2011). Effectiveness evaluation of security system based on entropy theory. Applied Mechanics and Materials, 40, 806–811. Dai, J. J., Hu, H. M., & Cai, Q. (2011). Effectiveness evaluation of security system based on entropy theory. Applied Mechanics and Materials, 40, 806–811.
5.
Zurück zum Zitat Xiaohu, Li. (2011). A stochastic model for quantitative security analyses of networked systems. Xiaohu, Li. (2011). A stochastic model for quantitative security analyses of networked systems.
6.
Zurück zum Zitat Ammann, P., Wijesekera, D., & Kaushik, S.. (2002) Scalable, graph-based network vulnerability analysis. Proceedings of the 9th ACM Conference on Computer and Communications Security. ACM. Ammann, P., Wijesekera, D., & Kaushik, S.. (2002) Scalable, graph-based network vulnerability analysis. Proceedings of the 9th ACM Conference on Computer and Communications Security. ACM.
7.
Zurück zum Zitat Balocco, A., & Capone P. Construction site risk analysis based on shannon entropy: A case study application. The First international conference on safety and security engineering, pp. 171–181. Balocco, A., & Capone P. Construction site risk analysis based on shannon entropy: A case study application. The First international conference on safety and security engineering, pp. 171–181.
8.
Zurück zum Zitat Franqueira, V. N. L., & van Keulen, M.. (2008). Analysis of the NIST database towards the composition of vulnerabilities in attack scenarios.” Centre for Telematics and Information Technology (CTIT), University of Twente, Enschede, The Netherlands, Tech. Rep. TR-CTIT-08-08. Franqueira, V. N. L., & van Keulen, M.. (2008). Analysis of the NIST database towards the composition of vulnerabilities in attack scenarios.” Centre for Telematics and Information Technology (CTIT), University of Twente, Enschede, The Netherlands, Tech. Rep. TR-CTIT-08-08.
9.
Zurück zum Zitat Buchley, J. J., & Chanas, S. (1989). A fast method of ranking alternatives using fuzzy numbers (short communications) [J]. Fuzzy Sets and Systems, 30(3), 337–339.CrossRefMathSciNet Buchley, J. J., & Chanas, S. (1989). A fast method of ranking alternatives using fuzzy numbers (short communications) [J]. Fuzzy Sets and Systems, 30(3), 337–339.CrossRefMathSciNet
Metadaten
Titel
Evaluation of the Dynamic Cybersecurity Risk Using the Entropy Weight Method
verfasst von
T. Hamid
D. Al-Jumeily
J. Mustafina
Copyright-Jahr
2018
DOI
https://doi.org/10.1007/978-3-319-60137-3_13