Software Security Risk Analysis Using Fuzzy Expert System

Software Level of Security Risk Analysis Using Fuzzy Expert System
[ARTIFICIAL INTELLIGENT]

UNIVERSITI TEKNIKAL MALAYSIA MELAKA
FACULTY OF INFORMATION & COMMUNICATION TECHNOLOGY
SESSION 2 – 2010/2011

NURUL AZRIN BT AIRRUDIN – B031010343
SITI NURSHAFIEQA BT SUHAIMI – B031010313
NUR SHAHIDA BT MUHTAR – B031010266

LECTURE NAME: DR ABD. SAMAD HASSAN BASARI
[12th APRIL 2011]

ABSTRACT

There is wide concern on the security of software systems because many organizations depend largely on them for their day-to-day operations. Since we have not seen a software system that is completely secure, there is need to analyze and determine the security risk of emerging software systems.

This work presents a technique for analyzing software security using a fuzzy expert system. The inputs to the system are suitable fuzzy sets representing linguistic values for the software security goals of confidentiality, integrity and availability. The expert rules were constructed using Mamdani fuzzy reasoning in order to adequately analyze the inputs. Defuzzification was done using the Centroid technique. The implementation of the design is done using the MATLAB fuzzy logic tool because of its ability to implement fuzzy based systems. Using newly developed software products from three software development organizations as test cases, the results show a system that can be used to effectively analyze software security risk.

ANALYSIS AND DESIGN

The design is basically divided into four stages:

1) DESIGN OF THE LINGUISTIC VARIABLES

The inputs to the system are the values assumed for the software security goals of confidentiality, integrity and availability. The goals are assumed to have the same weight, and a particular value is determined for each of them based on questions that are answered about the specific software.
Also, the values determined for each of the inputs are defined as fuzzy numbers instead of crisp numbers by using suitable fuzzy sets. Designing the fuzzy system requires that the different inputs (that is, confidentiality, integrity, and availability) are represented by fuzzy sets. The fuzzy sets are in turn represented by a membership function. The membership function used in this paper is the triangular membership function, which is a three point function defined by minimum, maximum and modal values, as usually represented in Figure 1.

Figure 1: Triangular Membership Function

2) THE FUZZY SETS

The level of confidentiality is defined based on the scales of not confidential, slightly confidential, very confidential and extremely confidential. The level of integrity is also defined based on the scales very low, low, high, very high, and extra high. Also, the level of availability is defined by the scales very low, low, high, very high and extra high. The levels defined above are based on a range definition with an assumed interval of [0 - 10]. The ranges for the inputs are shown in tables 1 and 2.

| DESCRIPTION | RANGE |
|---|---|
| Non-Confidential | 0 – 1 |
| Slightly Confidential | 2 – 3 |
| Confidential | 4 – 6 |
| Very Confidential | 7 – 8 |
| Extremely Confidential | 9 – 10 |

Table 1: Range of inputs for Confidentiality

| Very Low | Low | High | Very High | Extra High |
|---|---|---|---|---|
| 0 – 1 | 2 – 3 | 4 – 6 | 7 – 8 | 9 – 10 |

Table 2: Range of inputs for Integrity

| Very Low | Low | High | Very High | Extra High |
|---|---|---|---|---|
| 0 – 1 | 2 – 3 | 4 – 6 | 7 – 8 | 9 – 10 |

Table 3: Range of inputs for Availability

| DESCRIPTION | RANGE |
|---|---|
| Not Secure | 0 – 3 |
| Slightly Secure | 4 – 9 |
| Secure | 10 – 18 |
| Very Secure | 19 – 25 |
| Extremely Secure | 26 – 30 |

Table 4: Level Of Security Risk

The fuzzy sets above are represented by membership functions. The corresponding membership functions for confidentiality, integrity and availability are presented in the figures below.

Figure 1 : Membership functions for Confidentiality

Similarly, the output, that is, the level of security risk, is also represented by fuzzy sets and then a membership function. The level of security risk is defined based on the scales: not secure, slightly secure, secure, very secure, and extremely secure within the range of [0 - 30]. The range definition is shown in the table above. The membership function for the output fuzzy set is presented in the figure below.

Figure 2 : Membership functions for Integrity

Figure 3 : Membership functions for Availability

Figure 4 : Level Of Security Risk

3) THE RULES OF THE FUZZY SYSTEM

Once the input and output fuzzy sets and membership functions are constructed, the rules are then formulated. The rules are formulated based on the input parameters (confidentiality, integrity, and availability) and the output, i.e. level of security risk.
The levels of confidentiality, integrity, and availability are used in the antecedent of the rules and the level of security risk as the consequent of the rules. A fuzzy rule is a conditional statement in the form: IF x is A THEN y is B, where x and y are linguistic variables, and A and B are linguistic values determined by fuzzy sets on the universes of discourse X and Y, respectively. Both the antecedent and consequent of a fuzzy rule can have multiple parts. All parts of the antecedent are calculated simultaneously and resolved into a single number, and the antecedent affects all parts of the consequent equally.

Some of the rules used in the design of this fuzzy system are as follows:

1. If (Confidentiality is Not Confidential) and (Integrity is Very Low) and (Availability is Very Low) then (Security Risk is Not Secure).
2. If (Confidentiality is Not Confidential) and (Integrity is Very Low) and (Availability is Low) then (Security Risk is Slightly Secure).
3. If (Confidentiality is Extremely Confidential) and (Integrity is Extra High) and (Availability is High) then (Security Risk is Slightly Secure).
……….
125. If (Confidentiality is Not Confidential) and (Integrity is Very Low) and (Availability is High) then (Security Risk is Extremely Secure).

The rules above were formulated using the Mamdani max-min fuzzy reasoning.

DEVELOPMENT AND IMPLEMENTATION

The linguistic variables were determined from the extent of the positive and negative responses to well constructed security questions that are presented in the form of an on-line questionnaire. As mentioned earlier, MATLAB was used for the implementation. The linguistic inputs to the system are supplied through the graphical user interface called the rule viewer.
Once the rule viewer has been opened, the input variables are supplied in the text box captioned input, with each of them separated by a space.

a) THE FIS EDITOR

The fuzzy inference system editor shows a summary of the fuzzy inference system. It shows the mapping of the inputs to the system type and to the output. The names of the input variables and the processing methods for the FIS can be changed through the FIS editor.

Figure 5: The FIS editor

b) THE MEMBERSHIP FUNCTION EDITOR

This can be opened from the command window by using the plotmf function, but more easily through the GUI. The membership function editor shows a plot of the highlighted input or output variable along its possible ranges and against the probability of occurrence. The name and the range of a membership value can be changed through the membership function editor, and so can the range of the particular variable itself.

Figure 6: The Membership Function editor

c) THE RULE EDITOR

The rule editor can be used to add, delete or change a rule. It is also used to change the connection type and the weight of a rule. The rule editor for this application is shown in figure 7.

Figure 7: Rule Editor

d) THE RULE VIEWER

The text box captioned input is used to supply the three input variables needed in the system. The appropriate input corresponds to the number of YES answers in the questionnaire for each of the input variables. For example, in figure 8, all the input variables are 5 and the corresponding output is 13.9, which is specified at the top of the corresponding graphs. The input for each of the input variables is specified at the top of the section corresponding to it, and so is the output variable. The rule viewer for this work is presented in figure 8.

Figure 8: The Rule editor

e) THE SURFACE VIEWER

The surface viewer shown in figure 9 is a 3-D graph that shows the relationship between the inputs and the output. The output (Security Risk) is represented on the z-axis while two of the inputs (Confidentiality and Integrity) are on the x and y axes and the other input (Availability) is held constant. The surface viewer shows a plot of the possible ranges of the input variables against the possible ranges of the output.

4) EVALUATION

The security risk analysis system was evaluated using three newly completed software products from three different software development organizations. The output determines the security level of the software under consideration. The summary of the evaluation is given in figure 11. For product A, 5 is the score for confidentiality, 5 for integrity and 5 for availability.

| Software | Input | Output | Significance | Security Level |
|---|---|---|---|---|
| Product A | 5 5 5 | 13.9 | 45% slightly secure, 55% secure | 46.33 % |
| Product B | 8 7 8 | 24.2 | 20% secure, 80% very secure | 80.60 % |
| Product C | 10 10 10 | 28.4 | 35% very secure, 65% extremely secure | 94.67 % |

Table 5 : Evaluation of Different Input Variables

Figure 9 : The Surface Viewer

Figure 10 : Histogram & 3D

CONCLUSION AND FINDING

Thus, this work proposes a fuzzy logic-based technique for determining the level of security risk associated with software systems. Fuzzy logic is one of the major tools used for security analysis. The major goals of secure software, which are used as the inputs to the system, are the preservation of confidentiality (preventing unauthorized disclosure of information), preservation of integrity (preventing unauthorized alteration of information) and preservation of availability (preventing unauthorized destruction or denial of access or service to an authentic user).

It might be necessary to redesign this system in a way that it will be deployable without the use of MATLAB. It might also be necessary to use an adaptive fuzzy logic technique for security risk analysis. We have been able to design a system that can be used to evaluate the security risk associated with the production of secure software systems. This will definitely help software organizations meet up with the standard requirements. A technique for assessing the security of a software system before final deployment has been presented.

The result of this study shows that if software producing companies incorporate security risk analysis into the production of software systems, the issue of insecurity of software will be held to the minimum, if not eliminated. This study has also revealed that if each of the software security goals can be increased to the maximum, then the level of security will also be increased and the associated risk will be eliminated. Finally, security risk analysis is a path towards producing secure software and should be considered a significant activity by software development organizations.
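
The inference chain described above (triangular membership functions, Mamdani max-min rules, centroid defuzzification) can be sketched without MATLAB. This is an added example, not the authors' model: the triangle corner points are assumed (peaks at the midpoints of the ranges in Tables 1 to 4), only the four rules quoted in section 3 are encoded, and all function names are hypothetical.

```python
# Added example: Mamdani max-min inference with centroid defuzzification.
# ASSUMPTION: triangle corners are derived from range midpoints; the paper
# lists only the ranges, not the membership function parameters.

def tri(x, a, b, c):
    """Triangular membership: 0 at a and c, 1 at the modal value b."""
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x <= b else (c - x) / (c - b)

def triangles(mids):
    """One triangle per label: peak at its midpoint, feet at the neighbours' peaks."""
    ext = [2 * mids[0] - mids[1]] + mids + [2 * mids[-1] - mids[-2]]
    return [(ext[k], ext[k + 1], ext[k + 2]) for k in range(len(mids))]

IN_MF = triangles([0.5, 2.5, 5.0, 7.5, 9.5])      # input labels 0..4 on [0, 10]
OUT_MF = triangles([1.5, 6.5, 14.0, 22.0, 28.0])  # output labels 0..4 on [0, 30]

# Rules 1, 2, 3 and 125 as quoted in section 3, written as label indices:
# (confidentiality, integrity, availability, security risk)
RULES = [(0, 0, 0, 0), (0, 0, 1, 1), (4, 4, 2, 1), (0, 0, 2, 4)]

def firing_strengths(c, i, a):
    """AND is min over the three antecedent memberships (the 'min' of max-min)."""
    return [min(tri(c, *IN_MF[rc]), tri(i, *IN_MF[ri]), tri(a, *IN_MF[ra]))
            for rc, ri, ra, _ in RULES]

def security_risk(c, i, a, steps=3000):
    """Clip each consequent at its rule strength, aggregate with max, return the centroid."""
    w = firing_strengths(c, i, a)
    area = moment = 0.0
    for k in range(steps + 1):
        y = 30.0 * k / steps
        mu = max(min(wk, tri(y, *OUT_MF[r[3]])) for wk, r in zip(w, RULES))
        area += mu
        moment += mu * y
    # None means no encoded rule fired, so there is nothing to defuzzify.
    return moment / area if area > 0 else None

if __name__ == "__main__":
    print(firing_strengths(0.5, 0.5, 1.5))  # rules 1 and 2 fire equally
    print(security_risk(0.5, 0.5, 1.5))     # crisp output on the [0, 30] scale
    print(security_risk(5, 5, 5))           # None with only four rules encoded
```

With only the four quoted rules, an input such as 5 5 5 fires nothing and returns None; the full 125-rule base described in the paper is what gives every input combination an output.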
