The aim of this study is to formulate an analysis model that can express the security grades of software vulnerabilities and serve as a basis for evaluating the danger level of an information program, or for filtering out hazardous weaknesses of the system and improving it to counter the threat of different danger factors. Using the fuzzy analytic hierarchy process (FAHP), we will organize the crossover factors of the software blind spots and build an evaluation framework. First, the aspects and relative determinants affecting security will be filtered out via the fuzzy Delphi method. Then we will identify the value equation of each factor and establish the fuzzy synthetic decision-making model of software vulnerability. With this model we will be able to analyze the various degrees to which a vulnerability affects security, and this information will serve as a basis for future improvements to the system itself. A higher security score therefore implies a more secure system. In addition, this study proposes an improvement on the traditional fuzzy synthetic decision-making model for measuring the fuzziness between enhancement and independence of various aspects and criteria. Furthermore, it takes into consideration human subjectivity in practice and constructs a fuzzy integral decision-making model. Through a case study, we show that the evaluation model in question is practical, can be applied to new software vulnerabilities, and can measure their degree of penetration. The fuzzy integral decision-making model emphasizes, through its formulation, the multiply-add effect between the different factors influencing information security.