Towards Ontological Approach to Security Risk Analysis of Information System: Model and Architecture

International journal of secure software engineering Pub Date : 2016-07-01 DOI:10.4018/IJSSE.2016070101

O. Arogundade, O. Adeniran, Zhi Jin, Xiaoguang Yang

{"title":"Towards Ontological Approach to Security Risk Analysis of Information System: Model and Architecture","authors":"O. Arogundade, O. Adeniran, Zhi Jin, Xiaoguang Yang","doi":"10.4018/IJSSE.2016070101","DOIUrl":null,"url":null,"abstract":"Resource allocation decisions can be enhanced by performing risk assessment during the early development phase. In order to improve and maintain the security of the Information System IS, hereafter, there is need to build risk analysis model that can dynamically analyze threat data collected during the operational lifetime of the IS. In this paper the authors propose an ontological approach to accomplishing this goal. They present analyzer model and architecture, an agent-based risk analysis system ARAS which gathers identified threats events, probe them and correlates those using ontologies. It explores both quantitative and qualitative risk analysis techniques using real events data for probability predictions of threats based on an existing designed security ontology. To validate the feasibility of the approach a case study on e-banking system has been conducted. Simulated IDS output serves as input into the risk analysis system. The authors used JADE to implement the agents, protege OWL to create the ontology and ORACLE 11g SQL developer for the database. Optimistic results were obtained.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"102 1","pages":"1-25"},"PeriodicalIF":0.0000,"publicationDate":"2016-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International journal of secure software engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/IJSSE.2016070101","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Resource allocation decisions can be enhanced by performing risk assessment during the early development phase. In order to improve and maintain the security of the Information System IS, hereafter, there is need to build risk analysis model that can dynamically analyze threat data collected during the operational lifetime of the IS. In this paper the authors propose an ontological approach to accomplishing this goal. They present analyzer model and architecture, an agent-based risk analysis system ARAS which gathers identified threats events, probe them and correlates those using ontologies. It explores both quantitative and qualitative risk analysis techniques using real events data for probability predictions of threats based on an existing designed security ontology. To validate the feasibility of the approach a case study on e-banking system has been conducted. Simulated IDS output serves as input into the risk analysis system. The authors used JADE to implement the agents, protege OWL to create the ontology and ORACLE 11g SQL developer for the database. Optimistic results were obtained.

查看原文本刊更多论文

信息系统安全风险分析的本体论方法:模型与体系结构

可以通过在早期开发阶段执行风险评估来增强资源分配决策。为了提高和维护信息系统的安全性，今后需要建立风险分析模型，对信息系统生命周期内收集到的威胁数据进行动态分析。在本文中，作者提出了一种本体论的方法来实现这一目标。提出了一种基于agent的风险分析系统ARAS，该系统能够收集已识别的威胁事件，对其进行探测，并使用本体将其关联起来。它探索了定量和定性的风险分析技术，使用真实事件数据进行基于现有设计的安全本体的威胁概率预测。为了验证该方法的可行性，本文以电子银行系统为例进行了研究。模拟的IDS输出作为风险分析系统的输入。使用JADE实现代理，使用protege OWL创建本体，使用ORACLE 11g SQL developer开发数据库。取得了乐观的结果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International journal of secure software engineering

自引率

0.00%

发文量