A novel risk assessment and optimisation model for a multi-objective network security countermeasure selection problem

Cited by: 82
Authors
Viduto, Valentina [1]
Maple, Carsten [1]
Huang, Wei [1]
Lopez-Perez, David [2]
Affiliations
[1] Univ Bedfordshire, Inst Res Applicable Comp, Pk Sq, Luton LU1 3JU, Beds, England
[2] Kings Coll London, Ctr Telecommun Res, Strand WC2R 2LS, England
Funding
Engineering and Physical Sciences Research Council (UK)
Keywords
Financial decision support; Risk assessment; Countermeasure selection problem; Multi-objective optimisation; Tabu search
DOI
10.1016/j.dss.2012.04.001
Chinese Library Classification number
TP18 [Artificial intelligence theory]
Discipline classification codes
081104; 0812; 0835; 1405
Abstract
Budget cuts and the high demand in strengthening the security of computer systems and services constitute a challenge. Poor system knowledge and inappropriate selection of security measures may lead to unexpected financial and data losses. This paper proposes a novel Risk Assessment and Optimisation Model (RAOM) to solve a security countermeasure selection problem, where variables such as financial cost and risk may affect a final decision. A Multi-Objective Tabu Search (MOTS) algorithm has been developed to construct an efficient frontier of non-dominated solutions, which can satisfy organisational security needs in a cost-effective manner. (C) 2012 Elsevier B.V. All rights reserved.
Pages: 599-610
Number of pages: 12