Towards Ontological Approach to Security Risk Analysis of Information System
| Autor: | Oluwasefunmi 'Tale Arogundade, Zhi Jin, Yang Xiao-guang, Olusola J. Adeniran |
|---|---|
| Rok vydání: | 2016 |
| Předmět: |
Risk analysis
SQL Computer science 02 engineering and technology Intrusion detection system Ontology (information science) Protégé Oracle Risk analysis (engineering) 020204 information systems 0202 electrical engineering electronic engineering information engineering Information system 020201 artificial intelligence & image processing Qualitative risk analysis computer computer.programming_language |
| Zdroj: | International Journal of Secure Software Engineering. 7:1-25 |
| ISSN: | 1947-3044 1947-3036 |
| Popis: | Resource allocation decisions can be enhanced by performing risk assessment during the early development phase. In order to improve and maintain the security of the Information System (IS, hereafter), there is need to build risk analysis model that can dynamically analyze threat data collected during the operational lifetime of the IS. In this paper the authors propose an ontological approach to accomplishing this goal. They present analyzer model and architecture, an agent-based risk analysis system (ARAS) which gathers identified threats events, probe them and correlates those using ontologies. It explores both quantitative and qualitative risk analysis techniques using real events data for probability predictions of threats based on an existing designed security ontology. To validate the feasibility of the approach a case study on e-banking system has been conducted. Simulated IDS output serves as input into the risk analysis system. The authors used JADE to implement the agents, protégé OWL to create the ontology and ORACLE 11g SQL developer for the database. Optimistic results were obtained. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|