Fuzzy-clustering-based unweighted risk overall evaluation algorithm

WANG Jian-jun, LI Jian-ping, DU Shi-fu

Systems Engineering - Theory & Practice, 2015, Vol. 35, Issue (8): 2137-2143.


Abstract

Risk evaluation produces a definite result by analyzing uncertain risk factors, and risk aggregation is required when there are multiple risks. The traditional risk aggregation method, which relies on risk weights, is difficult to make objective in a distributed environment, especially in a mobile environment, because the nodes are mobile and random. This paper proposes the compensational competing risk aggregation algorithm (CCRAA), built on the basic concept of fuzzy clustering: each risk value is compensated to shorten its distance from the clustering center, so that the compensated risk values converge toward the clustering center, and the aggregated risk is determined as the average of the maximal and minimal risk values. CCRAA avoids the traditional method's dependency on risk limits or weights, while leaving the sum of risks unchanged and having no effect on the magnitude of the aggregated risk. A test demonstrates that CCRAA is superior to the traditional method in aggregation effectiveness and stability.

Key words

risk evaluation / risk aggregation / risk weight / fuzzy clustering / compensational competition

Cite this article

WANG Jian-jun, LI Jian-ping, DU Shi-fu. Fuzzy-clustering-based unweighted risk overall evaluation algorithm. Systems Engineering - Theory & Practice, 2015, 35(8): 2137-2143. https://doi.org/10.12011/1000-6788(2015)8-2137
