A Security Situation Assessment Model of Information System for Smart Mobile Devices

Hindawi, Wireless Communications and Mobile Computing, Volume 2020, Article ID 8886516, 11 pages
https://doi.org/10.1155/2020/8886516

Research Article

Lixia Xie, Liping Yan, Xugao Zhang, and Hongyu Yang
School of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China
Correspondence should be addressed to Hongyu Yang; hyyang@cauc.edu.cn
Received 30 June 2020; Revised 24 August 2020; Accepted 18 September 2020; Published 8 October 2020
Academic Editor: Ding Wang
Copyright © 2020 Lixia Xie et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

The accuracy of the existing security situation assessment model of information system for smart mobile devices is affected by expert evaluation preferences. This paper proposes an information system security situation assessment model for smart mobile devices, which is based on the modified interval matrix-entropy weight-based cloud (MIMEC). According to the security situation assessment index system, the interval judgment matrix reflecting the relative importance of different indexes is modified to improve the objectivity of the index layer weight vector. Then, the entropy weight-based cloud is used to quantify the criterion layer and the target layer security situation index, and the security level of the system is graded. The evaluation experiment on the departure control system for smart mobile devices not only verifies the validity of this model but also demonstrates that this model has higher stability and reliability than other models.

1. Introduction

Security situation assessment refers to the process of predicting the security situation of the system based on the perception and acquisition of security elements in a certain time and space, and the integrated analysis of the acquired data information [1]. The security situation assessment model is necessary for information system administrators of smart mobile devices to obtain the dynamic security situation of the system, determine system abnormal events, and make reasonable decisions.

Fu et al. [2] proposed a comprehensive evaluation model for information system security risk based on the entropy weight coefficient method. The entropy weight coefficient method was used to determine the index weight vector and reduce the subjective influence of experts. Luo et al. [3] proposed a risk assessment model based on the gray comprehensive measure, but the evaluation model lacks management dimension indexes. Xi et al. [4] proposed an improved quantitative evaluation model of the network security situation and optimized the network security situation quantitative value by game method, but the information source is single. Shu et al. [5] proposed a network security risk assessment model based on network security vulnerabilities to assess network security risks. However, the model requires a large amount of data, the risk baseline determination is influenced by experts, and the algorithm complexity is high. Hemanidhi et al. [6] calculated the total network risk value by weighting the quantified results of network risk under different vulnerability detection tools, but the distribution of risk value weight for different detection tools is not reasonable. Eom et al. [7] proposed a risk quantification formula based on threat frequency, asset exposure, and asset protection level, but the determination of threat frequency is influenced by subjective factors. Rimsha et al. [8] proposed an information security risk assessment method based on the adjacency matrix. However, a higher-order adjacency matrix will increase the deviation between the risk value and the actual security situation. Cheng [9] proposed a streaming algorithm to identify user click requests and reconstructed user-browser interactions by leveraging the Spark Streaming framework. Rui [10] proposed a two-stage approach by combining multiobjective optimization (MOO) with integrated decision-making (IDM) to address the problem of combined heat and power economic emission dispatch (CHPEED).

Those indicate that the existing information system security situation assessment indexes only focus on the technical level without considering the human factors. Moreover, the security situation evaluation is greatly influenced by the subjectivity of experts, and the quantified results cannot accurately reflect the information system security situation. Motivated by those above, in this paper, we propose an information system security situation assessment model (ISSSAM) for smart mobile devices, which is based on the modified interval matrix-entropy weight-based cloud (MIMEC).

1.1. Contribution. The main contributions of this paper are listed as follows:

(1) A practical ISSSAM model. To accurately assess the information system security situation for smart mobile devices, an ISSSAM model is built with consideration of the modified interval matrix module and entropy weight-based cloud

(2) A novel modified algorithm. A modified interval matrix module is proposed to improve the objectivity of the weight vector. Firstly, the interval judgment matrix given by experts is modified to improve its consistency degree. Secondly, the deterministic matrix with the best consistency degree is searched in the modified interval judgment matrix. Finally, the best weight vector is obtained based on the best deterministic matrix

(3) The experimental results of the departure control system (DCS) case prove the effectiveness of our model. Furthermore, compared with other methods, the results demonstrate that our model is closer to the practical security situation and improves the reliability and stability of information system security situation assessment

1.2. Organization. The rest of this paper is organized as follows. Section 2 presents the security situation assessment model. Section 3 introduces multisource data normalization. In Section 4, the modified interval matrix module is proposed. Section 5 reviews the entropy weight-based cloud module. In Section 6, the experimental comparisons are carried out, and the results are analyzed. Finally, Section 7 gives the conclusions. In addition, the list of notations is shown in Table 1.

Table 1: Notations and abbreviations.

| Symbol | Descriptions |
| --- | --- |
| $m$ | Number of comment |
| $\beta$ | Qualitative index comment |
| $V_e$ | Expert value |
| $\mu$ | Modified factor |
| $X$ | Quantitative index |
| $\bar{A}$ | Interval judgment matrix |
| $\bar{a}_{ij}$ | Interval number |
| CR | Consistency ratio |
| RI | Average random consistency index |
| $\gamma$ | Interval matrix consistency degree |
| $Q$ | Number of random matrixes |
| $p$ | Number of satisfactory consistency matrix |
| $U$ | Universe |
| | Membership degree |
| $E_x$ | Expectation value |
| $E_n$ | Entropy |
| $H_e$ | Hyper entropy |

2. Security Situation Assessment Model

In this paper, a MIMEC based security situation assessment model of information system for smart mobile devices is established (see Figure 1).

The assessment process is designed as follows: firstly, based on the analytic hierarchy process (AHP), a three-layer index system for security situation assessment of an information system for smart mobile devices is established. Define that there are 5 evaluation dimensions (see Figure 2), where they are physical dimension ($I_1$), host system dimension ($I_2$), network dimension ($I_3$), data dimension ($I_4$), and manager dimension ($I_5$).

Secondly, there are various ways for us to obtain data as the basis for experts' scoring and determine qualitative indexes and quantitative indexes, such as questionnaire survey, physical environment assessment, viewing host configuration, and obtaining system vulnerabilities through intrusion detection system.

Thirdly, the security situation is quantified by the modified interval matrix module and the entropy weight-based cloud module. The interval judgment matrix is given by experts, and the modified interval matrix module is used to obtain the best deterministic judgment matrix. Then, the index layer is constructed according to the experts' evaluation results. Combined with the index layer weight vector, the criterion layer based cloud model is constructed, and the entropy weight coefficient of the criterion layer cloud model is calculated. At last, the situation value of an information system for smart mobile devices is obtained by the situation value operator.

Finally, according to the "Information security technology—classification guide for classified protection of information systems security" [11] and the comprehensive security situation value of an information system for smart mobile devices, the security situation level is determined.

Figure 1: Security situation assessment model. (Flowchart: the data sources, namely physical environment assessment, host configuration, IDS, and personnel management log, feed the AHP indicator system and the expert ratings; the interval matrix correction module determines the indicator layer weight vector; the entropy weight-based cloud module builds the indicator layer and criterion layer membership cloud models and computes the cloud model entropy weight coefficient; the output is the comprehensive situation value and the security level of the information system.)

3. Multisource Data Normalization

Since the heterogeneity of multisource data makes it difficult for experts to evaluate, this paper proposes a normalized method for qualitative and quantitative indexes as follows.
Target layer Criteria layer Indicator layer Physical access control Anti-theft and vandalism Prevent lightning strikes Physical Temperature and humidity control Electricity supply Identification Disk utilization CPU utilization Host system Memory usage Port traffic Network topology Network access control Information system Network comprehensive security situation Security audit Network trac ffi Integrity Confidentiality Data Availability Backup and recovery Recruitment Personnel leaving the post Manager Personnel assessment Safety education training Figure 2: Evaluation index system. 4 Wireless Communications and Mobile Computing 3.1. Normalization of Qualitative Indexes. Define that there Table 2: Average random consistency index values. are m qualitative index comment classifications, which are Order 1 2 3 4 5 6 7 8 9 β , β , ⋯, β . β ~ β ði, j ∈ 1, 2, ⋯, mÞ represents that the 1 2 m i j RI 0 0 0.52 0.89 1.12 1.26 1.36 1.41 1.46 comment β is better than comment β , then β ~ β ~ ⋯ ~ i j 1 2 β ði, j ∈ 1, 2, ⋯, mÞ. Meanwhile, define that θ is the index which reflects the score of comment and θ ~ N (0, 1). Satisfactory consistency: define that the consistency ratio Suppose that the t is corresponding to comment β which of judgment matrix A is CRðAÞ = ðλ ðAÞ − nÞ/½ðn − 1Þ RI. max reflects the expert score and t is the quantile of N ð0, 1Þ, then When CR ≤ 0:1, we consider the matrix A has satisfactory consistency, where λ ðAÞ is the maximum eigenvalue of max P θ < t = i =1,2, ⋯, m − 1 ð1Þ ðÞ ðÞ matrix A, RI is the average random consistency index (see Table 2). Interval matrix consistency degree: define that γ is the Define that the expert score is V and V = μt , where μ is e e i interval matrix consistency degree. If Q random matrixes the modified factor (this paper takes μ = 100). are generated from interval matrix −A and there are p matrixes has satisfactory consistency, then γ = p/Q. 3.2. Normalization of Quantitative Indexes. 
Define that the quantitative interval of the index X is [X , X ], the normali- a b 4.2. Modified Interval Matrix Design. The modified interval zation process for the quantitative indexes of different matrix module is shown in Figure 3. dimensions is as follows: The modified interval matrix module is divided into three submodules. They are interval matrix consistency degree (1) Positive index judgment submodule (Interval_matrix_identify), interval matrix element adjustment submodule (Interval_matrix_ x − X adopt), and best deterministic matrix acquisition submodule X = , X > X ð2Þ ðÞ 1 b a (Best_interval_matrix). X − X b a The workflow design of the modified interval matrix module is as follows. Step 1. Calculate the consistency degree value (consis_value) (2) Reverse index of a given interval matrix. X − x Step 2. If consis_value > threshold, then turn to Step 3; else X = ,ðÞ X > X ð3Þ 2 b a X − X b a adjust the interval number elements, and turn to Step 1. 4. Modified Interval Matrix Module Step 3. Calculate the Best_interval_matrix based on the mod- ified matrix. The assessment of the security situation needs to determine the relative importance of each index, and its mathematical Step 4. Calculate the weight vector based on Best_interval_ representation is the weight vector. In this paper, the inter- matrix. val judgment matrix given by experts is modified to improve the degree of consistency, and the deterministic The processing method and process of each sub-module matrix with the best consistency is searched in the modified are explained in detail below. interval judgment matrix to determine the best weight vec- tor. This method not only preserves the subjectivity of 4.2.1. Interval Matrix Consistency Degree Judgment expert evaluation but also improves the objective degree Submodule. The interval judgment matrix given by the expert of the weight vector. 
generates Q random matrices according to the uniform distribution probability and sequentially calculates the con- 4.1. Related Definitions. Interval judgment matrix: define that sistency ratio CR ðk =1,2, ⋯, QÞ of the generated random the subscript set of n elements is J = f1, 2, ⋯, ng,and the rel- matrix. Let the number of random matrices with a satisfac- ative importance between element i and element j is a . ij tory degree of consistency be p, then the degree of consis- Then, the interval judgment matrix can be represent as −A tency of the interval matrices is γ = p/Q. The larger γ, the = ð−a Þ , i, j ∈ 1, 2, ⋯, n, and the interval number −a is ij ij better the consistency of the interval matrix; the smaller γ, n×n L U U L L U ½a , a , −a = ½1/a ,1/a , a ≤ a . This paper takes 1-9 the worse the consistency of the interval matrix. This paper ij ij ji ij ij ij ij takes Q = 100. scale judgment matrix [12]. Random matrix: define that matrix A = ða Þ , i, j ∈ 1, ij n×n 4.2.2. Interval Matrix Element Adjustment Submodule. When L U 2, ⋯, n, where a ∈ ½a , a . Random number a is generated ij ij ij ij the consistency degree γ is less than a certain threshold, some L U from ½a , a  according to the probability of uniform elements in the interval matrix need to be adjusted. The ij ij distribution. specific process is designed as follows. Wireless Communications and Mobile Computing 5 Consistency degree judgment Matrix element adjustment Best deterministic matrix sub-module sub-module acquisition sub-module Calculate the degree of Initial interval Adjust interval matrix Best deterministic consistency of the judgment matrix elements matrix interval matrix No Yes Best deterministic matrix Consistency level value> Consistency level calculation based on optimized threshold? value interval matrix Figure 3: Design of modified interval matrix. ðn−1Þ L L L L U =1; when i ≠ j, a = min fa , aij , ⋯, a g, a = Step 1. 
Get subinterval matrix −A by deleting the ele- ij ij1 2 ijω ij U U U − U L max fa , aij , ⋯, a g, and a = ½1/a ,1/a . ments of the hth row and hth column in the interval matrix, ij1 2 ijω ji ij ij ðn−1Þ and compute γ of A . h h U L Step 6. Repeat Step 1~5 until the sum of ∣a − a ∣ ði, j ∈ ij ij ðn−1Þ 1, 2, ⋯, nÞ (the lengths of the interval matrix) is not more Step 2. If γ and γ of the subinterval matrix −A and h1 h2 h1 than 10% of the sum of the lengths of the original interval ðn−1Þ −A > γ of other matrices, adjust the interval elements matrix. h2 h L U L U ½a , a , ½a , a . h1h2 h1h2 h2h1 h2h1 In Step 1, the proportion of each determined number of the randomly generated deterministic matrix in the left half Step 3. Turn to the Interval_matrix_identify submodule, and interval of each interval element of the original interval calculate γ of the adjusted interval judgment matrix. matrix is α, and 0:5 − η < α <0:5+ η (This paper takes η =0:05). After deleting the elements of the hth row and hth col- umn in the interval matrix, the deleted elements are isolated (2) Best deterministic matrix calculation to remain elements. If the consistency degree of this interval matrix improved greatly, it is indicated that the deleted ele- ments have a negative impact to the original matrix. So, we v = w ∗ v + c ∗ rand ∗ðÞ pbest − present , ð4Þ need to invite experts to adjust corresponding elements to improve the consistency degree [13]. present = present + v, ð5Þ 4.2.3. The Best Deterministic Matrix Acquisition Submodule. where v is the speed of optimization, w is used to adjust the This submodule consists of two processes: interval matrix speed of optimization, c is the cognitive factor and usually c convergence and best deterministic matrix calculation. 
The =2, rand is the random number between (0, 1), pbest is the specific process is designed as follows: current the element in the deterministic matrix with the smallest consistency ratio, and present represents the ele- (1) Interval matrix convergence ment in the current deterministic matrix. Step 1. Input the converged interval matrix (Input_matrix). Step 1. Generate R deterministic matrices according to the uniform distribution probability based on the adjusted inter- Step 2. Initialize a deterministic matrix M , the elements of val judgment matrix. the deterministic matrix are: a , i, j ∈ 1, 2, ⋯, n. When i = j, ij L U a =1; when 1< j ≤ n,1 ≤ i < j, a = ða + a Þ/2; when 1 ij ij ij ij Step 2. Calculate CR ði =1,2, ⋯, RÞ of the R deterministic < i ≤ n,1 ≤ j < i, a =1/a . ij ji matrices, respectively. Step 3. Calculate CR as the initial consistency ratio. Step 3. Get the tth matrix cluster (Cluster_matrix_t)by obtaining first ω consistency ratios of R deterministic Step 4. Generate deterministic matrix M ði =1,2, ⋯, kÞ ran- matrices. domly from Input_matrix. Step 4. Integrate the new interval matrix by using the same Step 5. Calculate its consistency ratio CR , and compare it position elements of different matrices in matrix clusters. with CR . Step 5. Obtain the upper and lower limits of each interval ele- Step 6. If CR < CR , CR = CR , M = M ; else, keep CR and i 0 0 i 0 i 0 ments in the new interval judgment matrix. When i = j, a M unchanged. ij 0 6 Wireless Communications and Mobile Computing Step 7. Adjust each element in each deterministic matrix cloud drops are too discrete, it indicates that the expert according to equations (4) and (5): evaluation opinions differ greatly, then we can apply for reevaluation. U L L U v = min ða − a Þði ≠ j, i, j ∈ 1, 2, ⋯, nÞ, where a ,a max ij ij ij ij (1) Reverse cloud generator are the upper and lower limits of each element of the con- verged interval matrix. 
If v > v , then take v = v ;if v < max max L U −v , take v = −v .If present ∈ ½a , a , present does not max max ij ij E + E +⋯+E x1 x2 xn L L E = , need to be adjusted; if present <a , then take present = a ; ij ij U U if present > a , take present = a . The initial value of v is ij ij max E , E ,⋯,E − min E , E ,⋯,E fg fg x1 x2 xn x1 x2 xn E = , taken as 0, pbest corresponds to each element in the initial deterministic matrix M in Step 2, and present corresponds 0 0 to each element in the deterministic matrix randomly gener- 2 2 S = 〠 x − E , ðÞ i x ated in Step 2 for the first time. n i=1 qffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi 2 2 Step 8. Repeat Step 2~7 for k times. H = S − E , e n ð7Þ On this basis, the eigenvector method can be used to calculate the best weight vector. where E indicates the percentage result of the ith expert xi 5. Entropy Weight-Based Cloud Module evaluation and n indicates the number of experts. The digital features of the membership cloud (E , E , H ) are calculated x n e 5.1. Related Definitions. Membership cloud [14]: define that by the above equations. U is a certain universe, where U = fxg and S is language value corresponding to accuracy number x. x is a random (2) Forward cloud generator number with a stable tendency for membership degree C ðXÞ, and the distribution of membership degree on the universe is called membership cloud. Step 1. E = Randn ðE , H Þ, which takes E as the expecta- nn n e n The digital characteristics of the cloud: the description of tion and produces a normally distributed random number cloud rely on 3 parameters. They are expectation value E , E with H as the standard deviation. nn e entropy E , hyper entropy H , where E reflects a concept n e x corresponds to the central value of a universe, E reflects Step 2. 
x = Randn ðE , E Þ, which takes E as the expecta- i x nn x the fuzziness of the concept and E reflects the degree of tion and generates a normally distributed random number cloud droplet dispersion. x with E as a standard deviation. i nn Entropy [2]: entropy measures the uncertainty of the sys- tem. Define that the system may stay in n different states and Step 3. ξ = exp ½−ðx − E Þ /ð2E Þ, the degree of mem- i i x nn the probability of each state occurs is p ði =1,2, ⋯, nÞ, then bership is calculated according to the equation, and the the entropy of the system is pair (x , ξ ) represents a cloud drop distributed over the i i universe U. E = −〠 p ln p ð6Þ i i Step 4. Step 1 through Step 3 is performed cyclically until i=1 enough cloud drops are generated to restore the expert eval- uation results in the form of a cloud model. where 0 ≤ p ≤ 1 and p + ⋯+p =1. When p =1/n, E = i 1 n i max ln n. Then, when the system has only one state n =1 and 5.3. Membership Cloud Gravity Center. The result of the E =0, the system is determined. With the increase of n, min expert evaluation of f indexes subordinate to the criterion the number of possible states gets higher, then the entropy layer can be represented by f -dimensional membership gets bigger. And the dispersion of the system becomes bigger, clouds. The f -dimensional comprehensive membership and it can provide less information. Thus, the less important cloud of the dimension can be formed by a membership this system is relative to other systems. cloud gravity center. This paper uses the vector g to represent the gravity center vector of this cloud which is 5.2. Expert Evaluation of Membership Cloud. For the evalua- tion of a certain index, n experts are invited to conduct the evaluation of a certain index, and the evaluation g = g , g , ⋯, g : ð8Þ 1 2 f results are converted into a percentage form according to Section 3. The membership clouds represent the evaluation results of the n experts. 
First, the three digital features where g = E · w ði =1, 2, ⋯, f Þ, E represents the expected xi i xi (E , E , H ) of the cloud model are calculated by the value of the ith membership cloud, and w represents the x n e i reverse cloud generator. Then, the expert evaluation results weight corresponding to the index which is calculated by are restored by the forward cloud generator. Finally, if the the modified interval matrix module. Wireless Communications and Mobile Computing 7 Worse Bad Average Good Excellent Assuming that the initial state of the system is ideal, the initial cloud center of gravity vector of the f -dimensional integrated membership cloud is 0.8 0.6 0 0 0 0 g = g , g , ⋯, g : ð9Þ 1 2 f 0.4 0.2 The cloud gravity center vector representing the current expert evaluation result is 0 0.2 0.4 0.6 0.8 1 ′ ′ ′ ′ g = g , g , ⋯, g : ð10Þ 1 2 f Figure 4: Evaluation cloud model. Then, normalize the changes in the gravity center vector of information system software and hardware. The change of the f -dimensional integrated cloud is of managers will cause the weight vector of the criterion 8 layer to change, which will affect the system the total secu- > g − g > i i 0 rity assessment value. > ′ ,g ≤ g 0 i i g Given the above problems, based on the cloud gravity g = ð11Þ i center-weighted deviation of each index in the known crite- > g − g > i 0 rion layer, by reviewing the comments of the activated com- > ′ ,g >g i i g ments in the cloud model and the support of each comment, the dimension indexes of the criterion layer are determined relative to each comment. The support matrix P is as shown where i =1,2, ⋯, f . Calculate the weighted deviation δ from the weight vector in Table 3. W = ðw , w , ⋯, w Þ: X , X , X , X , and X in Table 3 correspond to the 5 1 2 f 1 2 3 4 5 dimensions of the criterion layer, respectively, and p indi- ij cates the degree of support of the ith index to the jth com- δ = 〠 g ∗ w : ð12Þ ment (i, j ∈ 1, 2, 3, 4, 5). 
i=1 Calculate the absolute entropy of each dimension index by using equation (13): Enter δ into the evaluation cloud model to get the sup- port level of this dimension index for different comments H = −〠 p ln p , ð13Þ in the criterion layer [15]. The evaluation cloud model is i ij ij j=1 shown in Figure 4. In the process of quantifying the situation from the index when p = p = ⋯ = p , there is H =ln n. Calculate the i1 i2 in max layer to the criterion layer, the cloud gravity center evaluation relative entropy value of each dimension index by using method can be used to calculate the weighted deviation and equation (13) obtain the safety situation value of the different dimension indexes in the criterion layer, and the process of quantifying the situation from the criterion layer to the target layer. In the μ = − 〠 p ln p : ð14Þ i ij ij traditional method [16], the dimension indexes of the default ln n j=1 criterion layer are usually the same relative importance, but the relative importance of different indexes in the criterion The weight of the corresponding index is expressed by layer is not distinguished. This has certain limitations on (1-μ ), which is normalized: the quantitative value of the comprehensive security situation of the information system. τ = 1 − u , ð15Þ ðÞ First, at a certain moment, the relative importance of i n i n−∑ u i=1 i the physical dimension, host dimension, network dimen- sion, data dimension, and manager dimension of different where τ ∈ ½0, 1 and τ + ⋯+τ =1, τ is the entropy i 1 n i information systems is different. The reason is that some weight coefficient of the subordinate cloud corresponding information systems and external network channels are to X . 
less or even isolation, the main factor affecting the security The weight vector corresponding to each comment in the of the system type is behavior adjustment management given evaluation cloud model is set as U = ðu , u , worse bad [17], and some information systems often face threats u , u , u Þ = ð1/15, 2/15, 1/5, 4/15, 1/3Þ [2, 18]. average good excellent such as vulnerabilities and malicious attacks, so it is neces- The information system comprehensive security situa- sary to focus on the protection of their host and network tion value operator is equation (16): dimension indexes. Second, for the same information sys- tem, the main influencing factors affecting its security V =1 − τ ∗ P ∗ U : ð16Þ situation will change with time. This is due to the update Membership 8 Wireless Communications and Mobile Computing as an example to illustrate the application process of the eval- Table 3: Support matrix. uation model. Criteria layer Worse Bad Average Good Excellent 6.1. Normalization of Multisource Data. For the four X P P P P P 1 11 12 13 14 15 subindexes of the network dimension ðI ÞðI , I , I , I Þ 3 31 32 33 34 X P P P P P 2 21 22 23 24 25 = ðnetwork topology, network access control, security audit, X P P P P P 3 31 32 33 34 35 network trafficÞ, 10 experts are invited to evaluate each sub- P P index. Take “identification” (in Figure 2) for example, when X P P P 4 41 42 43 44 45 password guessing [19] or two-factor authentication schemes X P P P P P 5 51 52 53 54 55 [20, 21] are implemented, the security situation will reach a serious state which needs the information system manager Table 4: Security situation level. give emergency reaction to keep the system stay a good state. And experts will give a score between 80 and 100, which rep- V [0,0.2] (0.2,0.4] (0.4,0.6] (0.6,0.8] (0.8,1] resents the situation is bad. 
Then according to Section 3, the Level Worse Bad Average Good Excellent evaluation of qualitative and quantitative indexes was unified into the score under the percentage system, and the scores of the subindexes are shown in Table 5. Table 5: Experts’ evaluation percentage. 6.2. Determine Index Weights. The interval judgment matrix ExpertiI I I I 31 32 33 34 is given by experts on the relative importance of the four 1 978690 96 subindexes: 2 928992 93 0 1 3 949094 95 13½,4 ½ 3, 5 ½ 3, 5 4 898794 94 B C B C ½ 1/4, 1/3 1 ½ 1/2, 1 ½ 2, 5 5 928693 94 0 B C A = : ð18Þ B C 6 958992 95 B C ½ 1/5, 1/3 ½ 1, 2 1 ½ 1/3, 1 @ A 7 908595 96 ½ 1/5, 1/3 ½ 1/5, 1/2 ½ 1, 3 1 8 888891 94 9 988890 95 According to the method in Section 4, firstly judge the 10 96 87 91 95 consistency degree of the interval matrix, and take the consis- tency degree threshold value to be 0.6 to obtain γ =0:76 > 0:6 [13], which shows that the consistency degree of the interval This paper determines the security situation level accord- ing to [2, 14], as shown in Table 4. The system security situ- matrix meets the requirements, and no further interaction with the experts is needed. This matrix is used as the best ation level can be determined by combining the V value. interval matrix in Section 4.2.3. Then, the interval matrix is 5.4. Analysis of Algorithm Complexity. In the proposed converged, and R = 100, ω =10. After 7 iterations, the model, there are two modules. First, we modified the interval convergence interval matrix is matrix to get the best deterministic matrix and obtained the 0 1 best weight vector. This process traverses all interval matrix 13:210,3:463 3:653,4:000 4:202,4:417 ½½½ elements at least twice. The complexity of this process is B C B C ½ 0:289,0:312 10½ :934,0:953 ½ 2:029,2:040 Oðn Þ. After we get the best weight vector, we need to evalu- B C A = : B C B C ate each index according to the entropy weight-based cloud. 
½ 0:250,0:274 ½ 1:049,1:070 10½ :894,0:905 @ A The complexity of the whole process is OðnÞ. Finally, we cal- 0:226,0:238 0:490,0:493 1:104,1:119 1 ½½½ culate the situation security value through equation (16). ð19Þ Therefore, we can obtain the complexity of the whole model as follows. Based on this matrix, the optimization process based on the adjusted deterministic matrix is obtained under the Ω =On +OnðÞ ð17Þ condition of the number of optimization times k = 1 000, and the best deterministic matrix is 6. Results and Discussion 0 1 13½ :300 679 ½ 3:874 924 ½ 4:261 778 B C The model proposed in this paper is applied to the departure B C ½ 0:300 351 10½ :942 991 ½ 2:032 611 best B C control system for smart mobile devices. The system security A = : B C B C ½ 0:259 102 ½ 1:057 097 10½ :899 372 situation assessment is conducted every Tuesday, from @ A October 1 to December 23, 2018, for a total of 12 times. ½ 0:233 799 ½ 0:490 148 ½ 1:109 949 1 The following experiment uses the evaluation of the network ð20Þ dimension of the system criterion layer on October 9, 2018, Wireless Communications and Mobile Computing 9 The first sub-index reduction map The second sub-index reduction map 1 1 0.5 0.5 0 0 80 85 90 95 100 80 85 90 95 100 Score Score The third sub-index reduction map The fourth sub-index reduction map 1 1 0.5 0.5 0 0 80 85 90 95 100 80 85 90 95 100 Score Score Figure 5: Reduction of four indexes’ evaluation. Table 6: Expected values and weights of each index. Worse Bad Average Good Excellent Index I I I I I 3i 31 32 33 34 0.8 Expected value E 92.96 87.50 92.22 94.72 0.6 Weight w 0.555 665 0.178 134 0.144 072 0.122 129 3i 0.4 0.2 The consistency ratio is CR =0:022 591 < 0:1.Thismatrix has satisfactory consistency. The weight vector obtained is 0 0.2 0.4 0.6 0.8 1 w = ð0:555 665,0:178 134,0:144 072,0:122 129Þ. Figure 6: Evaluation cloud activation. 6.3. Situation Quantification and Grading. 
The experts’ evaluation results are restored by the cloud, as shown in Figure 5. Since the cloud droplets of each cloud model are more concentrated, it indicates that the experts’ evaluation comments are more consistent, so there is no need to request experts’ reevaluation.

The expected value vectors of the four subindexes of network dimension based on the graph and the weight corresponding to each expected value obtained based on Section 6.2 are shown in Table 6.

According to equations (11) and (12), the weighted deviation degree is $\delta = -0.079\,134$, and the security situation value of the network dimension is 0.920 866. Inputting $\delta$ into the evaluation cloud model indicates that the network dimension is in “excellent” state, as shown in Figure 6.

For the normal curve fitting of the evaluation cloud model, the support degree of the comment “good” is 0.122 04, the support degree of the comment “excellent” is 0.636 88. The remaining support degree $1 - 0.122\,04 - 0.636\,88 = 0.241\,08$ is allocated by the reciprocal ratio of the distance between the dimension and the expected value of the other three inactive reviews. The network dimension comment support vector is $(p_{31}, p_{32}, p_{33}, p_{34}, p_{35}) = (0.052\,86, 0.072\,56, 0.115\,66, 0.122\,04, 0.636\,88)$.

The evaluation support vector for the other four dimension indexes of the criterion layer follows the same calculation process as the network dimension and will not be described here.

The obtained security level value vector of each dimension of the criterion layer is (0.677 2, 0.731 4, 0.920 9, 0.522 5, 0.643 4), and the comment support matrix P is shown in Table 7.

Table 7: Comment support.

| Criteria layer | Worse | Bad | Average | Good | Excellent |
|---|---|---|---|---|---|
| $X_1$ | 0.045 93 | 0.072 19 | 0.104 12 | 0.682 61 | 0.095 54 |
| $X_2$ | 0.000 67 | 0.001 02 | 0.201 11 | 0.975 38 | 0.001 82 |
| $X_3$ | 0.052 86 | 0.072 56 | 0.115 66 | 0.122 04 | 0.636 88 |
| $X_4$ | 0.002 94 | 0.056 40 | 0.964 18 | 0.024 02 | 0.032 19 |
| $X_5$ | 0.074 71 | 0.122 19 | 0.227 29 | 0.441 00 | 0.134 80 |

According to equations (13)–(15), the criterion layer index entropy weight coefficient vector can be calculated as $\tau = (0.143, 0.380, 0.121, 0.307, 0.049)$. The comprehensive security situation value of this system is 0.752. Combined with Table 4, the security situation of the information system is in an “excellent” state, which is consistent with the actual situation.

The security situation assessment method in this paper, the entropy weight coefficient method [2], the improved Hidden Markov Model [4], and the AHP method [12] are applied to the evaluation of this system. The criterion layer security situation and total security situation are evaluated, as shown in Figures 7 and 8.

Figure 7: Criterion layer security situation. (x-axis: week, 1 to 12; y-axis: situation value; curves: I1, I3, and I4 situation values of the entropy weight coefficient method, the AHP method, the improved Hidden Markov Model, and the method of this paper.)

Figure 8: Total security situation. (x-axis: week, 1 to 12; y-axis: situation value; curves: the AHP method, the entropy weight coefficient method, the improved Hidden Markov Model, and the method of this paper.)

As can be seen from Figures 7 and 8, the fluctuation of the situation assessment value of the model in this paper is obviously smaller than that obtained by the entropy weight coefficient method [2], the improved Hidden Markov Model [4], and the AHP method [12]. There are two reasons: first, the model in this paper improves the objective degree of the weight vector by modifying the interval matrix and overcomes the shortcoming of the strong subjectivity of the traditional AHP method. At the same time, by judging the dispersion degree of the subordinate cloud droplets of the experts’ evaluation results, abnormal index values can be found and reevaluated. Compared with the entropy weight coefficient method, unreasonable index weighting can be avoided. Therefore, the quantitative result of the model in this paper is more appropriate to the actual system security situation, which improves the reliability of this information system security situation assessment model.

Second, due to the difference of experts’ ability, it is difficult to judge the relative importance of each dimension index in the criterion layer uniformly. Based on multisource data normalization, the entropy weight coefficient of each cloud model corresponding to the criterion layer index is used to avoid weighting directly for the criterion layer index. Therefore, the total situation value of the actual system can avoid large fluctuation and improve the stability of information system security situation assessment.

7. Conclusions

This paper proposes a MIMEC-based security situation assessment model of information system for smart mobile devices. This model modifies the interval judgment matrix, finds the best deterministic matrix to determine the index layer weight vector, and combines the entropy weight membership cloud to quantify and grade the security situation. Through the experiment on the departure control system for smart mobile devices, we found that the existing information system is always in a serious situation, which means the information system manager is supposed to take some measures to protect the system. We believe that our findings and our model can extend the models used in previous work and correct shortcomings of previous models. Compared with the evaluation results of other methods, our model shows good reliability and stability.

Our future work will focus on this study to assess extensive information system situation security for smart mobile devices. In addition, more realistic assessment methods such as Pythagorean Fuzzy Subsets [22] and Intuitionistic Fuzzy Petri Nets [23] will be used to improve the accuracy of the proposed model.

Data Availability

The raw/processed data required to reproduce these findings cannot be shared at this time as the data also forms part of an ongoing study.

Conflicts of Interest

The authors declare that there is no conflict of interest regarding the publication of this paper.

Acknowledgments

This work was supported by the Civil Aviation Joint Research Fund Project of the National Natural Science Foundation of China under grant number U1833107.

References

[1] X. H. Qu and X. M. Shi, “Research of network security situation assessment based on AHP,” Techniques of Automation and Applications, vol. 37, no. 11, pp. 43–45, 2018.
[2] Y. Fu, X. P. Wu, and Q. Ye, “An approach for information systems security risk assessment on fuzzy set and entropy-weight,” Acta Electronica Sinica, vol. 38, no. 7, pp. 1489–1494, 2010.
[3] H. S. Luo, Y. J. Shen, and G. D. Zhang, “Information security risk assessment based on two stages decision model with grey synthetic measure,” in Proceedings of the 6th IEEE International Conference on Software Engineering and Service Science, pp. 795–798, Beijing, China, 2015.
[4] R. R. Xi, X. C. Yun, and Y. Z. Zhang, “An improved quantitative evaluation method for network security,” Chinese Journal of Computers, vol. 38, no. 4, pp. 749–758, 2015.
[5] F. Shu, M. Li, and S. T. Chen, “Research on network security protection system based on dynamic modeling,” in 2017 IEEE 2nd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), pp. 1602–1605, Chengdu, China, 2017.
[6] A. Hemanidhi, S. Chimmanee, and P. Sanguansat, “Network risk evaluation from security metric of vulnerability detection tools,” in TENCON 2014-2014 IEEE Region 10 Conference, pp. 1–6, Bangkok, Thailand, 2014.
[7] J. H. Eom, S. H. Park, and Y. J. Han, “Risk assessment method based on business process-oriented asset evaluation for information system security,” in Proceedings of the 7th International Conference on Computational Science, pp. 1024–1031, Beijing, China, 2007.
[8] A. S. Rimsha and A. A. Zakharov, “Method for risk assesment of industrial networks’ information security of gas producing enterprise,” in 2018 Global Smart Industry Conference, pp. 1–5, Chelyabinsk, Russia, 2018.
[9] C. Fang, J. Liu, and Z. Lei, “Fine-grained HTTP web traffic analysis based on large-scale mobile datasets,” IEEE Access, vol. 4, pp. 4364–4373, 2016.
[10] Y. Li, J. Wang, D. Zhao, G. Li, and C. Chen, “A two-stage approach for combined heat and power economic emission dispatch: combining multi-objective optimization with integrated decision making,” Energy, vol. 162, no. 1, pp. 237–254,
[11] General Administration of Quality Supervision, Inspection and Quarantine of the People’s Republic of China, Standardization Administration of the People’s Republic of China, Information security technology—classification guide for classified protection of information systems security: GB/T 22240—2008, Standards Press of China, Beijing, 2008.
[12] X. Cheng, Information System Security Situation Assessment and Risk Control Method Based on Operation-Flow, Civil Aviation University of China, Tianjin, 2016.
[13] J. J. Zhu, S. X. Liu, and M. G. Wang, “Novel weight approach for interval numbers comparison matrix in the analytic hierarchy process,” Systems Engineering-Theory & Practice, vol. 25, no. 4, pp. 29–34, 2005.
[14] D. Li, M. Haijun, and S. Xuemei, “Membership clouds and membership cloud generators,” Journal of Computer Research and Development, vol. 32, no. 6, pp. 15–20, 1995.
[15] Z. H. Feng, J. C. Zhang, K. Zhang, and W. Liu, “Techniques for battlefield situation assessment based on cloud-gravity-center assessing,” Fire Control & Command Control, vol. 36, no. 3, pp. 13–15, 2011.
[16] Z. W. Li, The Study on the Information System Risk Assessment and Management Countermeasure, Beijing Jiaotong University, Beijing, 2010.
[17] Y. B. Li, Analysis and Design of MIS (Management Information System) on Nuclear Power Construction of SD, Shandong University, Jinan, 2013.
[18] D. M. Zhao, Y. Q. Zhang, and J. F. Ma, “Fuzzy risk assessment of entropy-weight coefficient method applied in network security,” Computer Engineering, vol. 30, no. 18, pp. 21–23, 2004.
[19] D. Wang, Z. J. Zhang, P. Wang, J. Yan, and X. Y. Huang, “Targeted Online Password Guessing: An Underestimated Threat,” in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (ACM CCS 2016), pp. 1242–1254, Vienna, Austria, 2016.
[20] D. Wang and P. Wang, “Two birds with one stone: two-factor authentication with security beyond conventional bound,” IEEE Transactions on Dependable and Secure Computing, vol. 15, no. 4, pp. 708–722, 2018.
[21] D. Wang, W. Li, and P. Wang, “Measuring two-factor authentication schemes for real-time data access in industrial wireless sensor networks,” IEEE Transactions on Industrial Informatics, vol. 14, no. 9, pp. 4081–4092, 2018.
[22] R. R. Yager, “Pythagorean fuzzy subsets,” in 2013 Joint IFSA World Congress and NAFIPS Annual Meeting (IFSA/NAFIPS), pp. 57–61, Edmonton, Canada, 2013.
[23] M. Fei-xiang, L. Ying-jie, Z. Bo, S. Xiao-yong, and Z. Jing-yu, “Intuitionistic fuzzy petri nets for knowledge representation and reasoning,” Journal of Digital Information Management, vol. 14, no. 2, pp. 104–113, 2016.
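The Section 6.2 weight vector and the Section 6.3 network-dimension value can be re-derived from the numbers printed on this page. The Python below is an added example, not code from the paper: it assumes the row geometric-mean approximation for the weights (the paper names the eigenvector method), an ideal score of 100 on every sub-index, and a situation value of 1 + δ; all function names are hypothetical.

```python
import math

# Best deterministic matrix, copied from equation (20) on this page.
A_BEST = [
    [1.0, 3.300679, 3.874924, 4.261778],
    [0.300351, 1.0, 0.942991, 2.032611],
    [0.259102, 1.057097, 1.0, 0.899372],
    [0.233799, 0.490148, 1.109949, 1.0],
]
# Average random consistency index RI by matrix order (Table 2).
RI = {1: 0.0, 2: 0.0, 3: 0.52, 4: 0.89, 5: 1.12, 6: 1.26, 7: 1.36, 8: 1.41, 9: 1.46}
# Expected values of the four network sub-indexes I31..I34 (Table 6).
EXPECTED = [92.96, 87.50, 92.22, 94.72]
# Assumption of this example: the ideal state scores 100 on every sub-index.
IDEAL_SCORE = 100.0


def check_judgment_matrix(matrix):
    """Reject anything that is not a square, positive matrix of order 1..9."""
    n = len(matrix)
    if n not in RI:
        raise ValueError("matrix order must be between 1 and 9")
    for row in matrix:
        if len(row) != n or any(a <= 0 for a in row):
            raise ValueError("judgment matrix must be square and positive")
    return n


def geometric_mean_weights(matrix):
    """Row geometric means normalised to sum to 1 (assumed weighting method)."""
    n = check_judgment_matrix(matrix)
    roots = [math.prod(row) ** (1.0 / n) for row in matrix]
    total = sum(roots)
    return [r / total for r in roots]


def principal_eigenvalue(matrix, iterations=200):
    """Power iteration for the largest eigenvalue of a positive matrix."""
    n = check_judgment_matrix(matrix)
    v = [1.0 / n] * n
    lam = float(n)
    for _ in range(iterations):
        nxt = [sum(a * x for a, x in zip(row, v)) for row in matrix]
        lam = sum(nxt)  # v sums to 1, so sum(A v) converges to lambda_max
        v = [x / lam for x in nxt]
    return lam


def consistency_ratio(matrix):
    """CR(A) = (lambda_max - n) / ((n - 1) * RI), as defined in Section 4.1."""
    n = check_judgment_matrix(matrix)
    if RI[n] == 0.0:
        return 0.0  # matrices of order 1 and 2 are always consistent
    return (principal_eigenvalue(matrix) - n) / ((n - 1) * RI[n])


def weighted_deviation(expected, weights, ideal=IDEAL_SCORE):
    """Equations (8)-(12): gravity centres, normalised change, weighted sum."""
    if len(expected) != len(weights):
        raise ValueError("one weight per expected value is required")
    delta = 0.0
    for e_x, w in zip(expected, weights):
        if w == 0:
            continue  # a zero-weight index has no gravity centre to compare
        g_ideal = ideal * w  # equation (9): ideal gravity centre
        g_now = e_x * w      # equations (8) and (10): current gravity centre
        base = g_ideal if g_now <= g_ideal else g_now  # equation (11)
        delta += (g_now - g_ideal) / base * w          # equation (12)
    return delta


def assess_network_dimension():
    """Re-derive the network-dimension figures from the page's inputs."""
    weights = geometric_mean_weights(A_BEST)
    delta = weighted_deviation(EXPECTED, weights)
    return {
        "weights": weights,
        "cr": consistency_ratio(A_BEST),
        "delta": delta,
        # The page pairs delta = -0.079 134 with the value 0.920 866 (1 + delta).
        "situation_value": 1.0 + delta,
    }


if __name__ == "__main__":
    for key, value in assess_network_dimension().items():
        print(key, value)
```

On the Table 6 inputs this reproduces the published weight vector to five decimals and lands within 2e-4 of the published δ and network-dimension value.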

A Security Situation Assessment Model of Information System for Smart Mobile Devices


Publisher
Hindawi Publishing Corporation
Copyright
Copyright © 2020 Lixia Xie et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
ISSN
1530-8669
eISSN
1530-8677
DOI
10.1155/2020/8886516

Abstract

The accuracy of the existing security situation assessment model of information system for smart mobile devices is affected by expert evaluation preferences. This paper proposes an information system security situation assessment model for smart mobile devices, which is based on the modified interval matrix-entropy weight-based cloud (MIMEC). According to the security situation assessment index system, the interval judgment matrix reflecting the relative importance of different indexes is modified to improve the objectivity of the index layer weight vector. Then, the entropy weight-based cloud is used to quantify the criterion layer and the target layer security situation index, and the security level of the system is graded. The evaluation experiment on the departure control system for smart mobile devices not only verifies the validity of this model but also demonstrates that this model has higher stability and reliability than other models.

1. Introduction

Security situation assessment refers to the process of predicting the security situation of the system based on the perception and acquisition of security elements in a certain time and space, and the integrated analysis of the acquired data information [1]. The security situation assessment model is necessary for information system administrators of smart mobile devices to obtain the dynamic security situation of the system, determine system abnormal events, and make reasonable decisions.

Fu et al. [2] proposed a comprehensive evaluation model for information system security risk based on the entropy weight coefficient method. The entropy weight coefficient method was used to determine the index weight vector and reduce the subjective influence of experts. Luo et al. [3] proposed a risk assessment model based on the gray comprehensive measure, but the evaluation model lacks management dimension indexes. Xi et al. [4] proposed an improved quantitative evaluation model of the network security situation and optimized the network security situation quantitative value by game method, but the information source is single. Shu et al. [5] proposed a network security risk assessment model based on network security vulnerabilities to assess network security risks. However, the model requires a large amount of data, the risk baseline determination is influenced by experts, and the algorithm complexity is high. Hemanidhi et al. [6] calculated the total network risk value by weighting the quantified results of network risk under different vulnerability detection tools, but the distribution of risk value weight for different detection tools is not reasonable. Eom et al. [7] proposed a risk quantification formula based on threat frequency, asset exposure, and asset protection level, but the determination of threat frequency is influenced by subjective factors. Rimsha et al. [8] proposed an information security risk assessment method based on the adjacency matrix. However, a higher-order adjacency matrix will increase the deviation between the risk value and the actual security situation. Cheng [9] proposed a streaming algorithm to identify user click requests and reconstructed user-browser interactions by leveraging the Spark Streaming framework. Rui [10] proposed a two-stage approach by combining multiobjective optimization (MOO) with integrated decision-making (IDM) to address the problem of combined heat and power economic emission dispatch (CHPEED).

Those indicate that the existing information system security situation assessment indexes only focus on the technical level without considering the human factors. Moreover, the security situation evaluation is greatly influenced by the subjectivity of experts, and the quantified results cannot accurately reflect the information system security situation. Motivated by those above, in this paper, we propose an information system security situation assessment model (ISSSAM) for smart mobile devices, which is based on the modified interval matrix-entropy weight-based cloud (MIMEC).

1.1. Contribution. The main contributions of this paper are listed as follows:

(1) A practical ISSSAM model. To accurately assess the information system security situation for smart mobile devices, an ISSSAM model is built with consideration of the modified interval matrix module and entropy weight-based cloud

(2) A novel modified algorithm. A modified interval matrix module is proposed to improve the objectivity of the weight vector. Firstly, the interval judgment matrix given by experts is modified to improve its consistency degree. Secondly, the deterministic matrix with the best consistency degree is searched in the modified interval judgment matrix. Finally, the best weight vector is obtained based on the best deterministic matrix

(3) The experimental results of the departure control system (DCS) case prove the effectiveness of our model. Furthermore, compared with other methods, the results demonstrate that our model is closer to the practical security situation and improves the reliability and stability of information system security situation assessment

1.2. Organization. The rest of this paper is organized as follows. Section 2 presents the security situation assessment model. Section 3 recommends multisource data normalization. In Section 4, the modified interval matrix module is proposed. Section 5 reviews the entropy weight-based cloud module. In Section 6, the experimental comparisons are carried out, and the results are analyzed. Finally, Section 7 gives the conclusions. In addition, the list of notations is shown in Table 1.

Table 1: Notations and abbreviations.

| Symbol | Descriptions |
|---|---|
| $m$ | Number of comment |
| $\beta$ | Qualitative index comment |
| | Expert value |
| $\mu$ | Modified factor |
| $X$ | Quantitative index |
| $\bar{A}$ | Interval judgment matrix |
| $\bar{a}_{ij}$ | Interval number |
| $CR$ | Consistency ratio |
| $RI$ | Average random consistency index |
| $\gamma$ | Interval matrix consistency degree |
| $Q$ | Number of random matrixes |
| $p$ | Number of satisfactory consistency matrix |
| $U$ | Universe |
| | Membership degree |
| $E_x$ | Expectation value |
| $E_n$ | Entropy |
| $H_e$ | Hyper entropy |

2. Security Situation Assessment Model

In this paper, a MIMEC based security situation assessment model of information system for smart mobile devices is established (see Figure 1).

The assessment process is designed as follows: firstly, based on the analytic hierarchy process (AHP), a three-layer index system for security situation assessment of an information system for smart mobile devices is established. Define that there are 5 evaluation dimensions (see Figure 2), where they are physical dimension ($I_1$), host system dimension ($I_2$), network dimension ($I_3$), data dimension ($I_4$), and manager dimension ($I_5$).

Secondly, there are various ways for us to obtain data as the basis for experts’ scoring and determine qualitative indexes and quantitative indexes, such as questionnaire survey, physical environment assessment, viewing host configuration, and obtaining system vulnerabilities through intrusion detection system.

Thirdly, the security situation is quantified by the modified interval matrix module and the entropy weight-based cloud module. The interval judgment matrix is given by experts, and the modified interval matrix module is used to obtain the best deterministic judgment matrix. Then, the index layer is constructed according to the experts’ evaluation results. Combined with the index layer weight vector, the criterion layer based cloud model is constructed, and the entropy weight coefficient of the criterion layer cloud model is calculated. At last, the situation value of an information system for smart mobile devices is obtained by the situation value operator.

Finally, according to the “Information security technology—classification guide for classified protection of information systems security” [11] and the comprehensive security situation value of an information system for smart mobile devices, the security situation level is determined.

Figure 1: Security situation assessment model. (Flowchart. Data sources: physical environment assessment, host configuration, IDS, personnel management log. AHP determines the information system security situation assessment indicator system; qualitative and quantitative criteria and expert ratings are determined. The interval matrix correction module determines the indicator layer weight vector. The entropy weight based cloud module builds the indicator layer and criterion layer membership cloud model and computes the cloud model entropy weight coefficient. The information system security situation comprehensive situation value is then obtained and the security level of the information system is determined.)

Figure 2: Evaluation index system.

- Target layer: information system comprehensive security situation
- Criteria layer and indicator layer:
  - Physical: physical access control, anti-theft and vandalism, prevent lightning strikes, temperature and humidity control, electricity supply
  - Host system: identification, disk utilization, CPU utilization, memory usage, port traffic
  - Network: network topology, network access control, security audit, network traffic
  - Data: integrity, confidentiality, availability, backup and recovery
  - Manager: recruitment, personnel leaving the post, personnel assessment, safety education training

3. Multisource Data Normalization

Since the heterogeneity of multisource data makes it difficult for experts to evaluate, this paper proposes a normalized method for qualitative and quantitative indexes as follows.

3.1. Normalization of Qualitative Indexes. Define that there are $m$ qualitative index comment classifications, which are $\beta_1, \beta_2, \cdots, \beta_m$. $\beta_i \succ \beta_j$ $(i, j \in 1, 2, \cdots, m)$ represents that the comment $\beta_i$ is better than comment $\beta_j$, then $\beta_1 \succ \beta_2 \succ \cdots \succ \beta_m$. Meanwhile, define that $\theta$ is the index which reflects the score of comment and $\theta \sim N(0, 1)$. Suppose that $t_i$ corresponds to comment $\beta_i$, reflects the expert score, and is the quantile of $N(0, 1)$, then

$$P(\theta < t_i) = \qquad (i = 1, 2, \cdots, m - 1) \tag{1}$$

Define that the expert score is $V_e$ and $V_e = \mu t_i$, where $\mu$ is the modified factor (this paper takes $\mu = 100$).

3.2. Normalization of Quantitative Indexes. Define that the quantitative interval of the index $X$ is $[X_a, X_b]$, the normalization process for the quantitative indexes of different dimensions is as follows:

(1) Positive index

$$X_1 = \frac{x - X_a}{X_b - X_a}, \quad (X_b > X_a) \tag{2}$$

(2) Reverse index

$$X_2 = \frac{X_b - x}{X_b - X_a}, \quad (X_b > X_a) \tag{3}$$

4. Modified Interval Matrix Module

The assessment of the security situation needs to determine the relative importance of each index, and its mathematical representation is the weight vector. In this paper, the interval judgment matrix given by experts is modified to improve the degree of consistency, and the deterministic matrix with the best consistency is searched in the modified interval judgment matrix to determine the best weight vector. This method not only preserves the subjectivity of expert evaluation but also improves the objective degree of the weight vector.

4.1. Related Definitions. Interval judgment matrix: define that the subscript set of $n$ elements is $J = \{1, 2, \cdots, n\}$, and the relative importance between element $i$ and element $j$ is $a_{ij}$. Then, the interval judgment matrix can be represented as $\bar{A} = (\bar{a}_{ij})_{n \times n}$, $i, j \in 1, 2, \cdots, n$, and the interval number $\bar{a}_{ij}$ is $[a_{ij}^L, a_{ij}^U]$, $\bar{a}_{ji} = [1/a_{ij}^U, 1/a_{ij}^L]$, $a_{ij}^L \le a_{ij}^U$. This paper takes 1-9 scale judgment matrix [12].

Random matrix: define that matrix $A = (a_{ij})_{n \times n}$, $i, j \in 1, 2, \cdots, n$, where $a_{ij} \in [a_{ij}^L, a_{ij}^U]$. Random number $a_{ij}$ is generated from $[a_{ij}^L, a_{ij}^U]$ according to the probability of uniform distribution.

Satisfactory consistency: define that the consistency ratio of judgment matrix $A$ is $CR(A) = (\lambda_{\max}(A) - n)/[(n - 1)\,RI]$. When $CR \le 0.1$, we consider the matrix $A$ has satisfactory consistency, where $\lambda_{\max}(A)$ is the maximum eigenvalue of matrix $A$, $RI$ is the average random consistency index (see Table 2).

Table 2: Average random consistency index values.

| Order | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |
|---|---|---|---|---|---|---|---|---|---|
| RI | 0 | 0 | 0.52 | 0.89 | 1.12 | 1.26 | 1.36 | 1.41 | 1.46 |

Interval matrix consistency degree: define that $\gamma$ is the interval matrix consistency degree. If $Q$ random matrixes are generated from interval matrix $\bar{A}$ and $p$ of these matrixes have satisfactory consistency, then $\gamma = p/Q$.

4.2. Modified Interval Matrix Design. The modified interval matrix module is shown in Figure 3.

Figure 3: Design of modified interval matrix. (Flowchart. Consistency degree judgment sub-module: from the initial interval judgment matrix, calculate the degree of consistency of the interval matrix and test whether the consistency level value exceeds the threshold. No: the matrix element adjustment sub-module adjusts interval matrix elements. Yes: the best deterministic matrix acquisition sub-module calculates the best deterministic matrix based on the optimized interval matrix.)

The modified interval matrix module is divided into three submodules. They are interval matrix consistency degree judgment submodule (Interval_matrix_identify), interval matrix element adjustment submodule (Interval_matrix_adopt), and best deterministic matrix acquisition submodule (Best_interval_matrix).

The workflow design of the modified interval matrix module is as follows.

Step 1. Calculate the consistency degree value (consis_value) of a given interval matrix.

Step 2. If consis_value > threshold, then turn to Step 3; else adjust the interval number elements, and turn to Step 1.

Step 3. Calculate the Best_interval_matrix based on the modified matrix.

Step 4. Calculate the weight vector based on Best_interval_matrix.

The processing method and process of each sub-module are explained in detail below.

4.2.1. Interval Matrix Consistency Degree Judgment Submodule. The interval judgment matrix given by the expert generates $Q$ random matrices according to the uniform distribution probability and sequentially calculates the consistency ratio $CR_k$ $(k = 1, 2, \cdots, Q)$ of the generated random matrix. Let the number of random matrices with a satisfactory degree of consistency be $p$, then the degree of consistency of the interval matrices is $\gamma = p/Q$. The larger $\gamma$, the better the consistency of the interval matrix; the smaller $\gamma$, the worse the consistency of the interval matrix. This paper takes $Q = 100$.

4.2.2. Interval Matrix Element Adjustment Submodule. When the consistency degree $\gamma$ is less than a certain threshold, some elements in the interval matrix need to be adjusted. The specific process is designed as follows.

Step 1. Get subinterval matrix $\bar{A}_h^{(n-1)}$ by deleting the elements of the $h$th row and $h$th column in the interval matrix, and compute $\gamma_h$ of $\bar{A}_h^{(n-1)}$.

Step 2. If $\gamma_{h1}$ and $\gamma_{h2}$ of the subinterval matrices $\bar{A}_{h1}^{(n-1)}$ and $\bar{A}_{h2}^{(n-1)}$ are greater than $\gamma_h$ of the other matrices, adjust the interval elements $[a_{h1h2}^L, a_{h1h2}^U]$, $[a_{h2h1}^L, a_{h2h1}^U]$.

Step 3. Turn to the Interval_matrix_identify submodule, and calculate $\gamma$ of the adjusted interval judgment matrix.

After deleting the elements of the $h$th row and $h$th column in the interval matrix, the deleted elements are isolated from the remaining elements. If the consistency degree of this interval matrix improves greatly, it indicates that the deleted elements have a negative impact on the original matrix. So, we need to invite experts to adjust the corresponding elements to improve the consistency degree [13].

4.2.3. The Best Deterministic Matrix Acquisition Submodule. This submodule consists of two processes: interval matrix convergence and best deterministic matrix calculation. The specific process is designed as follows:

(1) Interval matrix convergence

Step 1. Generate $R$ deterministic matrices according to the uniform distribution probability based on the adjusted interval judgment matrix.

Step 2. Calculate $CR_i$ $(i = 1, 2, \cdots, R)$ of the $R$ deterministic matrices, respectively.

Step 3. Get the $t$th matrix cluster (Cluster_matrix_t) by obtaining first $\omega$ consistency ratios of $R$ deterministic matrices.

Step 4. Integrate the new interval matrix by using the same position elements of different matrices in matrix clusters.

Step 5. Obtain the upper and lower limits of each interval element in the new interval judgment matrix. When $i = j$, $a_{ij} = 1$; when $i \ne j$, $a_{ij}^L = \min\{a_{ij1}^L, a_{ij2}^L, \cdots, a_{ij\omega}^L\}$, $a_{ij}^U = \max\{a_{ij1}^U, a_{ij2}^U, \cdots, a_{ij\omega}^U\}$, and $\bar{a}_{ji} = [1/a_{ij}^U, 1/a_{ij}^L]$.

Step 6. Repeat Step 1~5 until the sum of $|a_{ij}^U - a_{ij}^L|$ $(i, j \in 1, 2, \cdots, n)$ (the lengths of the interval matrix) is not more than 10% of the sum of the lengths of the original interval matrix.

In Step 1, the proportion of each determined number of the randomly generated deterministic matrix in the left half interval of each interval element of the original interval matrix is $\alpha$, and $0.5 - \eta < \alpha < 0.5 + \eta$ (this paper takes $\eta = 0.05$).

(2) Best deterministic matrix calculation

$$v = w * v + c * \mathrm{rand} * (\mathrm{pbest} - \mathrm{present}) \tag{4}$$

$$\mathrm{present} = \mathrm{present} + v \tag{5}$$

where $v$ is the speed of optimization, $w$ is used to adjust the speed of optimization, $c$ is the cognitive factor and usually $c = 2$, rand is the random number between (0, 1), pbest is the current element in the deterministic matrix with the smallest consistency ratio, and present represents the element in the current deterministic matrix.

Step 1. Input the converged interval matrix (Input_matrix).

Step 2. Initialize a deterministic matrix $M_0$, the elements of the deterministic matrix are: $a_{ij}$, $i, j \in 1, 2, \cdots, n$. When $i = j$, $a_{ij} = 1$; when $1 < j \le n$, $1 \le i < j$, $a_{ij} = (a_{ij}^L + a_{ij}^U)/2$; when $1 < i \le n$, $1 \le j < i$, $a_{ij} = 1/a_{ji}$.

Step 3. Calculate $CR_0$ as the initial consistency ratio.

Step 4. Generate deterministic matrix $M_i$ $(i = 1, 2, \cdots, k)$ randomly from Input_matrix.

Step 5. Calculate its consistency ratio $CR_i$, and compare it with $CR_0$.

Step 6. If $CR_i < CR_0$, $CR_0 = CR_i$, $M_0 = M_i$; else, keep $CR_0$ and $M_0$ unchanged.

Step 7. Adjust each element in each deterministic matrix according to equations (4) and (5): $v_{\max} = \min (a_{ij}^U - a_{ij}^L)$ $(i \ne j,\ i, j \in 1, 2, \cdots, n)$, where $a_{ij}^L$, $a_{ij}^U$ are the lower and upper limits of each element of the converged interval matrix. If $v > v_{\max}$, then take $v = v_{\max}$; if $v < -v_{\max}$, take $v = -v_{\max}$. If present $\in [a_{ij}^L, a_{ij}^U]$, present does not need to be adjusted; if present $< a_{ij}^L$, then take present $= a_{ij}^L$; if present $> a_{ij}^U$, take present $= a_{ij}^U$. The initial value of $v$ is taken as 0, pbest corresponds to each element in the initial deterministic matrix $M_0$ in Step 2, and present$_0$ corresponds to each element in the deterministic matrix randomly generated in Step 2 for the first time.

Step 8. Repeat Step 2~7 for $k$ times.

On this basis, the eigenvector method can be used to calculate the best weight vector.

5. Entropy Weight-Based Cloud Module

5.1. Related Definitions. Membership cloud [14]: define that $U$ is a certain universe, where $U = \{x\}$ and $S$ is the language value corresponding to accuracy number $x$. $x$ is a random number with a stable tendency for membership degree $C(X)$, and the distribution of membership degree on the universe is called membership cloud.

The digital characteristics of the cloud: the description of a cloud relies on 3 parameters. They are expectation value $E_x$, entropy $E_n$, and hyper entropy $H_e$, where $E_x$ reflects the central value of the universe to which a concept corresponds, $E_n$ reflects the fuzziness of the concept, and E reflects the degree of cloud droplet dispersion.

Entropy [2]: entropy measures the uncertainty of the system. Define that the system may stay in $n$ different states and the probability that each state occurs is $p_i$ $(i = 1, 2, \cdots, n)$, then the entropy of the system is

$$E = -\sum_{i=1}^{n} p_i \ln p_i \tag{6}$$

where $0 \le p_i \le 1$ and $p_1 + \cdots + p_n = 1$. When $p_i = 1/n$, $E_{\max} = \ln n$. Then, when the system has only one state, $n = 1$ and $E_{\min} = 0$, the system is determined. With the increase of $n$, the number of possible states gets higher, then the entropy gets bigger. And the dispersion of the system becomes bigger, and it can provide less information. Thus, the less important this system is relative to other systems.

5.2. Expert Evaluation of Membership Cloud. For the evaluation of a certain index, $n$ experts are invited to conduct the evaluation, and the evaluation results are converted into a percentage form according to Section 3. The membership clouds represent the evaluation results of the $n$ experts. First, the three digital features ($E_x$, $E_n$, $H_e$) of the cloud model are calculated by the reverse cloud generator. Then, the expert evaluation results are restored by the forward cloud generator. Finally, if the cloud drops are too discrete, it indicates that the expert evaluation opinions differ greatly, then we can apply for reevaluation.

(1) Reverse cloud generator

$$E_x = \frac{E_{x1} + E_{x2} + \cdots + E_{xn}}{n}, \quad E_n = \frac{\max\{E_{x1}, E_{x2}, \cdots, E_{xn}\} - \min\{E_{x1}, E_{x2}, \cdots, E_{xn}\}}{\ }, \quad S^2 = \sum_{i=1}^{n} (x_i - E_x)^2, \quad H_e = \sqrt{S^2 - E_n^2} \tag{7}$$

where $E_{xi}$ indicates the percentage result of the $i$th expert evaluation and $n$ indicates the number of experts. The digital features of the membership cloud ($E_x$, $E_n$, $H_e$) are calculated by the above equations.

(2) Forward cloud generator

Step 1. $E_{nn} = \mathrm{Randn}(E_n, H_e)$, which takes $E_n$ as the expectation and produces a normally distributed random number $E_{nn}$ with $H_e$ as the standard deviation.

Step 2. $x_i = \mathrm{Randn}(E_x, E_{nn})$, which takes $E_x$ as the expectation and generates a normally distributed random number $x_i$ with $E_{nn}$ as a standard deviation.

Step 3. $\xi_i = \exp[-(x_i - E_x)^2/(2E_{nn}^2)]$, the degree of membership is calculated according to the equation, and the pair $(x_i, \xi_i)$ represents a cloud drop distributed over the universe $U$.

Step 4. Step 1 through Step 3 is performed cyclically until enough cloud drops are generated to restore the expert evaluation results in the form of a cloud model.

5.3. Membership Cloud Gravity Center. The result of the expert evaluation of $f$ indexes subordinate to the criterion layer can be represented by $f$-dimensional membership clouds. The $f$-dimensional comprehensive membership cloud of the dimension can be formed by a membership cloud gravity center. This paper uses the vector $g$ to represent the gravity center vector of this cloud, which is

$$g = (g_1, g_2, \cdots, g_f) \tag{8}$$

where $g_i = E_{xi} \cdot w_i$ $(i = 1, 2, \cdots, f)$, $E_{xi}$ represents the expected value of the $i$th membership cloud, and $w_i$ represents the weight corresponding to the index which is calculated by the modified interval matrix module.

Assuming that the initial state of the system is ideal, the initial cloud center of gravity vector of the $f$-dimensional integrated membership cloud is

$$g^0 = (g_1^0, g_2^0, \cdots, g_f^0) \tag{9}$$

The cloud gravity center vector representing the current expert evaluation result is

$$g' = (g'_1, g'_2, \cdots, g'_f) \tag{10}$$

Then, the normalized change in the gravity center vector of the $f$-dimensional integrated cloud is

$$g_i^T = \begin{cases} \dfrac{g'_i - g_i^0}{g_i^0}, & g'_i \le g_i^0 \\[2ex] \dfrac{g'_i - g_i^0}{g'_i}, & g'_i > g_i^0 \end{cases} \tag{11}$$

where $i = 1, 2, \cdots, f$.

Calculate the weighted deviation $\delta$ from the weight vector $W = (w_1, w_2, \cdots, w_f)$:

$$\delta = \sum g_i^T * w_i \tag{12}$$

Figure 4: Evaluation cloud model. (Comment clouds: Worse, Bad, Average, Good, Excellent.)

of information system software and hardware. The change of managers will cause the weight vector of the criterion layer to change, which will affect the total security assessment value of the system.

Given the above problems, based on the cloud gravity center-weighted deviation of each index in the known criterion layer, by reviewing the comments of the activated comments in the cloud model and the support of each comment, the dimension indexes of the criterion layer are determined relative to each comment. The support matrix P is as shown in Table 3.

$X_1$, $X_2$, $X_3$, $X_4$, and $X_5$ in Table 3 correspond to the 5 dimensions of the criterion layer, respectively, and $p_{ij}$ indicates the degree of support of the $i$th index to the $j$th comment $(i, j \in 1, 2, 3, 4, 5)$.
i=1 Calculate the absolute entropy of each dimension index by using equation (13): Enter δ into the evaluation cloud model to get the sup- port level of this dimension index for different comments H = −〠 p ln p , ð13Þ in the criterion layer [15]. The evaluation cloud model is i ij ij j=1 shown in Figure 4. In the process of quantifying the situation from the index when p = p = ⋯ = p , there is H =ln n. Calculate the i1 i2 in max layer to the criterion layer, the cloud gravity center evaluation relative entropy value of each dimension index by using method can be used to calculate the weighted deviation and equation (13) obtain the safety situation value of the different dimension indexes in the criterion layer, and the process of quantifying the situation from the criterion layer to the target layer. In the μ = − 〠 p ln p : ð14Þ i ij ij traditional method [16], the dimension indexes of the default ln n j=1 criterion layer are usually the same relative importance, but the relative importance of different indexes in the criterion The weight of the corresponding index is expressed by layer is not distinguished. This has certain limitations on (1-μ ), which is normalized: the quantitative value of the comprehensive security situation of the information system. τ = 1 − u , ð15Þ ðÞ First, at a certain moment, the relative importance of i n i n−∑ u i=1 i the physical dimension, host dimension, network dimen- sion, data dimension, and manager dimension of different where τ ∈ ½0, 1 and τ + ⋯+τ =1, τ is the entropy i 1 n i information systems is different. The reason is that some weight coefficient of the subordinate cloud corresponding information systems and external network channels are to X . 
less or even isolation, the main factor affecting the security The weight vector corresponding to each comment in the of the system type is behavior adjustment management given evaluation cloud model is set as U = ðu , u , worse bad [17], and some information systems often face threats u , u , u Þ = ð1/15, 2/15, 1/5, 4/15, 1/3Þ [2, 18]. average good excellent such as vulnerabilities and malicious attacks, so it is neces- The information system comprehensive security situa- sary to focus on the protection of their host and network tion value operator is equation (16): dimension indexes. Second, for the same information sys- tem, the main influencing factors affecting its security V =1 − τ ∗ P ∗ U : ð16Þ situation will change with time. This is due to the update Membership 8 Wireless Communications and Mobile Computing as an example to illustrate the application process of the eval- Table 3: Support matrix. uation model. Criteria layer Worse Bad Average Good Excellent 6.1. Normalization of Multisource Data. For the four X P P P P P 1 11 12 13 14 15 subindexes of the network dimension ðI ÞðI , I , I , I Þ 3 31 32 33 34 X P P P P P 2 21 22 23 24 25 = ðnetwork topology, network access control, security audit, X P P P P P 3 31 32 33 34 35 network trafficÞ, 10 experts are invited to evaluate each sub- P P index. Take “identification” (in Figure 2) for example, when X P P P 4 41 42 43 44 45 password guessing [19] or two-factor authentication schemes X P P P P P 5 51 52 53 54 55 [20, 21] are implemented, the security situation will reach a serious state which needs the information system manager Table 4: Security situation level. give emergency reaction to keep the system stay a good state. And experts will give a score between 80 and 100, which rep- V [0,0.2] (0.2,0.4] (0.4,0.6] (0.6,0.8] (0.8,1] resents the situation is bad. 
Then according to Section 3, the Level Worse Bad Average Good Excellent evaluation of qualitative and quantitative indexes was unified into the score under the percentage system, and the scores of the subindexes are shown in Table 5. Table 5: Experts’ evaluation percentage. 6.2. Determine Index Weights. The interval judgment matrix ExpertiI I I I 31 32 33 34 is given by experts on the relative importance of the four 1 978690 96 subindexes: 2 928992 93 0 1 3 949094 95 13½,4 ½ 3, 5 ½ 3, 5 4 898794 94 B C B C ½ 1/4, 1/3 1 ½ 1/2, 1 ½ 2, 5 5 928693 94 0 B C A = : ð18Þ B C 6 958992 95 B C ½ 1/5, 1/3 ½ 1, 2 1 ½ 1/3, 1 @ A 7 908595 96 ½ 1/5, 1/3 ½ 1/5, 1/2 ½ 1, 3 1 8 888891 94 9 988890 95 According to the method in Section 4, firstly judge the 10 96 87 91 95 consistency degree of the interval matrix, and take the consis- tency degree threshold value to be 0.6 to obtain γ =0:76 > 0:6 [13], which shows that the consistency degree of the interval This paper determines the security situation level accord- ing to [2, 14], as shown in Table 4. The system security situ- matrix meets the requirements, and no further interaction with the experts is needed. This matrix is used as the best ation level can be determined by combining the V value. interval matrix in Section 4.2.3. Then, the interval matrix is 5.4. Analysis of Algorithm Complexity. In the proposed converged, and R = 100, ω =10. After 7 iterations, the model, there are two modules. First, we modified the interval convergence interval matrix is matrix to get the best deterministic matrix and obtained the 0 1 best weight vector. This process traverses all interval matrix 13:210,3:463 3:653,4:000 4:202,4:417 ½½½ elements at least twice. The complexity of this process is B C B C ½ 0:289,0:312 10½ :934,0:953 ½ 2:029,2:040 Oðn Þ. After we get the best weight vector, we need to evalu- B C A = : B C B C ate each index according to the entropy weight-based cloud. 
½ 0:250,0:274 ½ 1:049,1:070 10½ :894,0:905 @ A The complexity of the whole process is OðnÞ. Finally, we cal- 0:226,0:238 0:490,0:493 1:104,1:119 1 ½½½ culate the situation security value through equation (16). ð19Þ Therefore, we can obtain the complexity of the whole model as follows. Based on this matrix, the optimization process based on the adjusted deterministic matrix is obtained under the Ω =On +OnðÞ ð17Þ condition of the number of optimization times k = 1 000, and the best deterministic matrix is 6. Results and Discussion 0 1 13½ :300 679 ½ 3:874 924 ½ 4:261 778 B C The model proposed in this paper is applied to the departure B C ½ 0:300 351 10½ :942 991 ½ 2:032 611 best B C control system for smart mobile devices. The system security A = : B C B C ½ 0:259 102 ½ 1:057 097 10½ :899 372 situation assessment is conducted every Tuesday, from @ A October 1 to December 23, 2018, for a total of 12 times. ½ 0:233 799 ½ 0:490 148 ½ 1:109 949 1 The following experiment uses the evaluation of the network ð20Þ dimension of the system criterion layer on October 9, 2018, Wireless Communications and Mobile Computing 9 The first sub-index reduction map The second sub-index reduction map 1 1 0.5 0.5 0 0 80 85 90 95 100 80 85 90 95 100 Score Score The third sub-index reduction map The fourth sub-index reduction map 1 1 0.5 0.5 0 0 80 85 90 95 100 80 85 90 95 100 Score Score Figure 5: Reduction of four indexes’ evaluation. Table 6: Expected values and weights of each index. Worse Bad Average Good Excellent Index I I I I I 3i 31 32 33 34 0.8 Expected value E 92.96 87.50 92.22 94.72 0.6 Weight w 0.555 665 0.178 134 0.144 072 0.122 129 3i 0.4 0.2 The consistency ratio is CR =0:022 591 < 0:1.Thismatrix has satisfactory consistency. The weight vector obtained is 0 0.2 0.4 0.6 0.8 1 w = ð0:555 665,0:178 134,0:144 072,0:122 129Þ. Figure 6: Evaluation cloud activation. 6.3. Situation Quantification and Grading. 
The experts’ eval- uation results are restored by the cloud, as shown in Figure 5. The evaluation support vector for the other four- Since the cloud droplets of each cloud model are more con- dimensional indexes of the criterion layer is the same as the centrated, it indicates that the experts’ evaluation comments calculation process of the network dimension and will not be described here. are more consistent, so there is no need to request experts’ reevaluation. The obtained security level value vector of each dimen- The expected value vectors of the four subindexes of net- sion of the criterion layer is (0.677 2,0.731 4,0.920 9,0.522 work dimension based on the graph and the weight corre- 5,0.643 4), and the comment support matrix P is shown in sponding to each expected value obtained based on Section Table 7. According to equations (13)–(15), the criterion layer 6.2 are shown in Table 6. According to equations (11) and (12), the weighted devi- index entropy weight coefficient vector can be calculated as: ation degree is δ = −0:079 134, and the security situation τ = ð0:143, 0:380, 0:121, 0:307, 0:049Þ. The comprehensive value of the network dimension is 0.920 866. Inputting δ into security situation value of this system is 0.752. Combined the evaluation cloud model indicates that the network with Table 4, the security situation of the information system is in an “excellent” state, which is consistent with the actual dimension is in “excellent” state, as shown in Figure 6. For the normal curve fitting of the evaluation cloud situation. model, the support degree of the comment “good” is 0.122 The security situation assessment method in this paper, 04, the support degree of the comment “excellent” is 0.636 the entropy weight coefficient method [2], the improved 88. The remaining support degree 1 − 0:122 04 − 0:636 88 = Hidden Markov Model [4], and the AHP method [12] are applied to the evaluation of this system. 
The criterion layer 0:241 08 is allocated by the reciprocal ratio of the distance between the dimension and the expected value of the other security situation and total security situation are evaluated, three inactive reviews. The network dimension comment as shown in Figures 7 and 8. support vector ðp , p , p , p , p Þ = ð0:052 86, 0:072 56, As can be seen from Figures 7 and 8, the fluctuation of 31 32 33 34 35 the situation assessment value of the model in this paper 0:115 66, 0:122 04, 0:636 88Þ. Certain degree Certain degree Certain degree Certain degree Membership 10 Wireless Communications and Mobile Computing Table 7: Comment support. 0.9 Criteria layer Worse Bad Average Good Excellent X 0.045 93 0.072 19 0.104 12 0.682 61 0.095 54 0.8 0.000 67 0.001 02 0.201 11 0.975 38 0.001 82 2 0.7 0.052 86 0.072 56 0.115 66 0.122 04 0.636 88 0.6 0.002 94 0.056 40 0.964 18 0.024 02 0.032 19 0.5 0.074 71 0.122 19 0.227 29 0.441 00 0.134 80 0.4 0.3 0.2 0.9 0.1 0.8 1234567 8 9 10 11 12 0.7 Week/weeks 0.6 the AHP method 0.5 the entropy weight coefficient method the improved Hidden Markov Model 0.4 the method of this paper 0.3 Figure 8: Total security situation. 0.2 Second, due to the difference of experts’ ability, it is diffi- 0.1 cult to judge the relative importance of each dimension index in the criterion layer uniformly. Based on multisource data 1234567 8 9 10 11 12 normalization, the entropy weight coefficient of each cloud Week/weeks model corresponding to the criterion layer index is used to 11 situation value of the entropy weight coefficient method avoid weighting directly for the criterion layer index. There- 13 situation value of the entropy weight coefficient method 14 situation value of the entropy weight coefficient method fore, the total situation value of the actual system can avoid 11 situation value of the AHP method large fluctuation and improve the stability of information 13 situation value of the AHP method system security situation assessment. 
14 situation value of the AHP method I1 situation value of the improved Hidden Markov Model I3 situation value of the improved Hidden Markov Model I4 situation value of the improved Hidden Markov Model 7. Conclusions I1 situation value of the method of this paper I3 situation value of the method of this paper I4 situation value of the method of this paper This paper proposes a MIMEC-based security situation assessment model of information system for smart mobile Figure 7: Criterion layer security situation. devices. This model modifies the interval judgment matrix, finds the best deterministic matrix to determine the index layer weight vector, and combines the entropy weight mem- is obviously smaller than that obtained by the entropy bership cloud to quantify and grading the security situation. weight coefficient method [2], the improved Hidden Through the experiment on the departure control system Markov Model [4], and the AHP method [12]. There are for smart mobile devices, we found that the existing informa- two reasons: first, the model in this paper improves the tion system is always in a serious situation, which means the objective degree of the weight vector by modifying the information system manager is supposed to take some mea- interval matrix and overcomes the shortcoming of the sures to protect the system. We believe that our findings strong subjectivity of the traditional AHP method. At the and our model can extend the models used in previous work same time, by judging the dispersion degree of the subor- and correct shortcomings of previous models. And compared dinate cloud droplets of the experts’ evaluation results, the evaluation results with other methods, it shows that our abnormal index values can be found and reevaluation. model has good reliability and stability. Compared with the entropy weight coefficient method, Our future work will focus on this study to assess exten- unreasonable index weighting can be avoided. 
Therefore, sive information system situation security for smart mobile the quantitative result of the model in this paper is more devices. In addition, more realistic assessment methods such appropriate to the actual system security situation, which as Pythagorean Fuzzy Subsets [22], and Intuitionistic Fuzzy improves the reliability of this information system security Petri Nets [23] will be used to improve the accuracy of the situation assessment model. proposed model. Situation value Situation value Wireless Communications and Mobile Computing 11 Data Availability [11] General Administration of Quality Supervision, Inspection and Quarantine of the People’s Republic of China, Standardi- The raw/processed data required to reproduce these findings zation Administration of the People’s Republic of China, cannot be shared at this time as the data also forms part of an Information security technology—classification guide for classi- ongoing study. fied protection of information systems security: GB/T 22240—2008, Standards Press of China, Beijing, 2008. [12] X. Cheng, Information System Security Situation Assessment Conflicts of Interest and Risk Control Method Based on Operation-Flow, Civil Avi- ation University of China, Tianjin, 2016. The authors declare that there is no conflict of interest [13] J. J. Zhu, S. X. Liu, and M. G. Wang, “Novel weight approach regarding the publication of this paper. for interval numbers comparison matrix in the analytic hierar- chy process,” Systems Engineering-Theory & Practice, vol. 25, no. 4, pp. 29–34, 2005. Acknowledgments [14] D. Li, M. Haijun, and S. Xuemei, “Membership clouds and This work was supported by the Civil Aviation Joint Research membership cloud generators,” Journal of Computer Research and Development, vol. 32, no. 6, pp. 15–20, 1995. Fund Project of the National Natural Science Foundation of China under granted number U1833107. [15] Z. H. Feng, J. C. Zhang, K. Zhang, and W. 
Liu, “Techniques for battlefield situation assessment based on cloud-gravity-center assessing,” Fire Control & Command Control, vol. 36, no. 3, References pp. 13–15, 2011. [16] Z. W. Li, The Study on the Information System Risk Assessment [1] X. H. Qu and X. M. Shi, “Research of network security situa- and Management Countermeasure, Beijing Jiaotong Univer- tion assessment based on AHP,” Techniques of Automation sity, Beijing, 2010. and Applications, vol. 37, no. 11, pp. 43–45, 2018. [17] Y. B. Li, Analysis and Design of MIS (Management Information [2] Y. Fu, X. P. Wu, and Q. Ye, “An approach for information System) on Nuclear Power Construction of SD, Shandong Uni- systems security risk assessment on fuzzy set and entropy- versity, Jinan, 2013. weight,” Acta Electronica Sinica, vol. 38, no. 7, pp. 1489– [18] D. M. Zhao, Y. Q. Zhang, and J. F. Ma, “Fuzzy risk assessment 1494, 2010. of entropy-weight coefficient method applied in network secu- [3] H. S. Luo, Y. J. Shen, and G. D. Zhang, “Information security rity,” Computer Engineering, vol. 30, no. 18, pp. 21–23, 2004. risk assessment based on two stages decision model with grey [19] D. Wang, Z. J. Zhang, P. Wang, J. Yan, and X. Y. Huang, “Tar- synthetic measure,” in Proceedings of the 6th IEEE Interna- geted Online Password Guessing: An Underestimated Threat,” tional Conference on Software Engineering and Service Science, in Proceedings of the 2016 ACM SIGSAC Conference on Com- pp. 795–798, Beijing, China, 2015. puter and Communications Security (ACM CCS 2016), [4] R. R. Xi, X. C. Yun, and Y. Z. Zhang, “An improved quantita- pp. 1242–1254, Vienna, Austria, 2016. tive evaluation method for network security,” Chinese Journal of Computers, vol. 38, no. 4, pp. 749–758, 2015. [20] D. Wang and P. Wang, “Two birds with one stone: two-factor authentication with security beyond conventional bound,” [5] F. Shu, M. Li, and S. T. 
Chen, “Research on network security IEEE Transactions on Dependable and Secure Computing, protection system based on dynamic modeling,” in 2017 IEEE vol. 15, no. 4, pp. 708–722, 2018. 2nd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), pp. 1602–1605, [21] D. Wang, W. Li, and P. Wang, “Measuring two-factor authen- Chengdu, China, 2017. tication schemes for real-time data access in industrial wireless sensor networks,” IEEE Transactions on Industrial Informat- [6] A. Hemanidhi, S. Chimmanee, and P. Sanguansat, “Network risk evaluation from security metric of vulnerability detection ics, vol. 14, no. 9, pp. 4081–4092, 2018. tools,” in TENCON 2014-2014 IEEE Region 10 Conference, [22] R. R. Yager, “Pythagorean fuzzy subsets,” in 2013 Joint IFSA pp. 1–6, Bangkok, Thailand, 2014. World Congress and NAFIPS Annual Meeting (IFSA/NAFIPS), [7] J. H. Eom, S. H. Park, and Y. J. Han, “Risk assessment method pp. 57–61, Edmonton, Canada, 2013. based on business process-oriented asset evaluation for infor- [23] M. Fei-xiang, L. Ying-jie, Z. Bo, S. Xiao-yong, and Z. Jing-yu, mation system security,” in Proceedings of the 7th Interna- “Intuitionistic fuzzy petri nets for knowledge representation tional Conference on Computational Science, pp. 1024–1031, and reasoning,” Journal of Digital Information Management, Beijing, China, 2007. vol. 14, no. 2, pp. 104–113, 2016. [8] A. S. Rimsha and A. A. Zakharov, “Method for risk assesment of industrial networks’ information security of gas producing enterprise,” in 2018 Global Smart Industry Conference, pp. 1– 5, Chelyabinsk, Russia, 2018. [9] C. Fang, J. Liu, and Z. Lei, “Fine-grained HTTP web traffic analysis based on large-scale mobile datasets,” IEEE Access, vol. 4, pp. 4364–4373, 2016. [10] Y. Li, J. Wang, D. Zhao, G. Li, and C. Chen, “A two-stage approach for combined heat and power economic emission dispatch: combining multi-objective optimization with inte- grated decision making,” Energy, vol. 
162, no. 1, pp. 237–254,
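An added example (not code from the paper): Steps 1 to 6 of the deterministic-matrix search, repeated k times, run on the upper-triangle intervals of the converged interval matrix in equation (19). The velocity update of Step 7 relies on equations (4) and (5), which are outside this section, so this example covers the random sampling and best-so-far selection; the power-iteration eigenvector routine, the function names, and Saaty's random index 0.90 for n = 4 are assumptions of this example.

```python
import random

N = 4
RI_4 = 0.90  # Saaty's random index for n = 4 (assumption: the page does not state the value used)

# Upper-triangle intervals [a_L, a_U] of the converged interval matrix, equation (19).
INTERVALS = {
    (0, 1): (3.210, 3.463), (0, 2): (3.653, 4.000), (0, 3): (4.202, 4.417),
    (1, 2): (0.934, 0.953), (1, 3): (2.029, 2.040), (2, 3): (0.894, 0.905),
}


def build(upper):
    """Deterministic matrix from upper-triangle values: a_ii = 1, a_ji = 1 / a_ij (Step 2)."""
    m = [[1.0] * N for _ in range(N)]
    for (i, j), a in upper.items():
        m[i][j] = a
        m[j][i] = 1.0 / a
    return m


def eigen(m, iters=50):
    """Power iteration: principal eigenvalue and the eigenvector normalised to sum 1."""
    w = [1.0 / N] * N
    lam = float(N)
    for _ in range(iters):
        mw = [sum(m[i][j] * w[j] for j in range(N)) for i in range(N)]
        lam = sum(mw)              # sum(w) == 1, so sum(M w) converges to lambda_max
        w = [x / lam for x in mw]
    return lam, w


def consistency_ratio(m):
    """CR = CI / RI with CI = (lambda_max - n) / (n - 1)."""
    lam, _ = eigen(m)
    return ((lam - N) / (N - 1)) / RI_4


def midpoint_matrix():
    """Step 2: initial matrix M_0 with a_ij = (a_L + a_U) / 2 above the diagonal."""
    return build({ij: (lo + hi) / 2 for ij, (lo, hi) in INTERVALS.items()})


def search(k=1000, seed=0):
    """Steps 3 to 6, k times: keep the sampled matrix with the lowest consistency ratio."""
    rng = random.Random(seed)
    best = midpoint_matrix()
    best_cr = consistency_ratio(best)                      # Step 3: CR_0
    for _ in range(k):
        cand = build({ij: rng.uniform(lo, hi)              # Step 4: random M_i
                      for ij, (lo, hi) in INTERVALS.items()})
        cr = consistency_ratio(cand)                       # Step 5
        if cr < best_cr:                                   # Step 6
            best, best_cr = cand, cr
    return best, best_cr, eigen(best)[1]                   # eigenvector method for weights


if __name__ == "__main__":
    m, cr, w = search()
    print("CR of midpoint matrix: %.6f" % consistency_ratio(midpoint_matrix()))
    print("best CR found:         %.6f" % cr)
    print("weights:", [round(x, 4) for x in w])
```

Because every sampled element stays inside its interval, the clamping rule of Step 7 is never triggered here; the resulting weights land close to the weight vector reported in Section 6.2.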
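An added example (not code from the paper): equations (13) to (16) applied to the comment support matrix of Table 7, with a row-sum check on the input, since Section 6.3 builds each support vector so that its entries sum to 1. The function names are this example's own; the table values are copied as printed.

```python
import math

COMMENTS = ("Worse", "Bad", "Average", "Good", "Excellent")
# Comment weight vector U as given in the text.
U = (1 / 15, 2 / 15, 1 / 5, 4 / 15, 1 / 3)

# Table 7 copied as printed: rows X1..X5, columns Worse..Excellent.
TABLE7 = [
    [0.04593, 0.07219, 0.10412, 0.68261, 0.09554],
    [0.00067, 0.00102, 0.20111, 0.97538, 0.00182],
    [0.05286, 0.07256, 0.11566, 0.12204, 0.63688],
    [0.00294, 0.05640, 0.96418, 0.02402, 0.03219],
    [0.07471, 0.12219, 0.22729, 0.44100, 0.13480],
]


def rows_not_normalised(p, tol=0.01):
    """Rows (1-based) whose support degrees do not sum to 1, with their sums."""
    return {i: round(sum(row), 5) for i, row in enumerate(p, 1)
            if abs(sum(row) - 1.0) > tol}


def relative_entropy(row):
    """Equations (13)-(14): mu_i = -(1 / ln n) * sum_j p_ij ln p_ij, with 0 ln 0 taken as 0."""
    h = -sum(x * math.log(x) for x in row if x > 0)
    return h / math.log(len(row))


def entropy_weights(p):
    """Equation (15): tau_i = (1 - mu_i) / (n - sum_i mu_i)."""
    mu = [relative_entropy(row) for row in p]
    denom = len(mu) - sum(mu)
    if abs(denom) < 1e-12:
        raise ValueError("all rows are uniform: entropy weights are undefined")
    return [(1.0 - m) / denom for m in mu]


def situation_value(p, u=U):
    """Equation (16): V = 1 - tau * P * U^T."""
    tau = entropy_weights(p)
    support = [sum(pij * uj for pij, uj in zip(row, u)) for row in p]
    return 1.0 - sum(t * s for t, s in zip(tau, support))


def level(v):
    """Table 4 bands: [0,0.2] Worse ... (0.8,1] Excellent."""
    if not 0.0 <= v <= 1.0:
        raise ValueError("V must lie in [0, 1]")
    for upper, name in zip((0.2, 0.4, 0.6, 0.8, 1.0), COMMENTS):
        if v <= upper:
            return name


if __name__ == "__main__":
    print("rows not summing to 1:", rows_not_normalised(TABLE7))
    print("tau:", [round(t, 3) for t in entropy_weights(TABLE7)])
    v = situation_value(TABLE7)
    print("V = %.3f (%s)" % (v, level(v)))
```

With Table 7 as printed this returns V ≈ 0.741 and the check flags rows X2 (sum 1.18) and X4 (sum 1.08); substituting 0.020 11 for the X2 "Average" entry, which is an assumption and not a value on the page, reproduces the τ and the 0.752 reported in the text. Both values fall in the (0.6, 0.8] band of Table 4.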

Journal: Wireless Communications and Mobile Computing, Hindawi Publishing Corporation

Published: Oct 8, 2020
