An Approach to Evaluating the Computer Network Security with Hesitant Fuzzy Information

An Approach to Evaluating the Computer Network Security with Hesitant

Fuzzy Information

1

Jianfeng Dong

1, First and Corresponding Author

Center for Education Technology, Zhejiang International Studies

University, Hangzhou, 310012, China, E-mail: [email protected]

Abstract

The problem of evaluating the computer network security with hesitant fuzzy information is the multiple attribute decision making (MADM) problems. In this paper, we investigate the multiple attribute decision making (MADM) problems for evaluating the computer network security with hesitant fuzzy information. Then, we utilize the hesitant fuzzy geometric Bonferroni mean (HFGBM) operator to aggregate the hesitant fuzzy information, then rank the alternatives and select the most desirable one(s) according to the score function. Finally, an illustrative example demonstrates the practicality and effectiveness of the proposed method.

Keywords:

Multiple Attribute Decision Making (MADM), Hesitant Fuzzy Information, Hesitant Fuzzy Geometric Bonferroni Mean (HFGBM) Operator,

Computer Network Security

1. Introduction

The traditional network security techniques have shown their drawbacks in the increasingly complex and severe network security environment. The intrusion detection tools can only deliver alerts on limited knowledge of attacks, while the alert stream is always poor in quality and can easily be over-whelming, which makes it very hard to know how much threat the detected attacks pose to the network and which security states the hosts are in. Meanwhile, the traditional security assessment approaches can not assess the real time security situation. These problems make the security operators very difficult to know the current security threat and situation by the traditional security tools. Network security threat and situation assessment aims to extract knowledge of current security threat and situation from raw security data reported by traditional security tools, through the techniques of data fusion, and predict the future security situation based on historical security information and the present attacks. This paper studied the approaches of threat assessment, situation assessment and situation prediction. The threat of a network attack is determined by six aspects of factor: attack severity, attack environment, probability to succeed, statistical factors, correlation factors and attack effect. Based on this conclusion, a framework to threat assessment is proposed, which comprises of six steps. The approaches of every step are introduced in the paper and implemented in SATA (Security Alert and Threat Analysis) system. The approach of qualitative attack hazard gradation and the CVSS mechanism are used in severity assessment. The values of assets and security policies are set to evaluate the environmental factors[1-5]. The Bayesian Network is used to calculate the reliability of the alerts. In statistical assessment, a novel approach is proposed to find the periodicity of alerts based on time series analysis techniques. A language of alert correlation is implemented in the system. And an experiment of qualitative attack effect assessment is introduced. HMM (Hidden Markov Model) is used to assess the network security situation. The problems of observation event classification and parameter configuration lying in the approach are solved. To the first problem, the result of threat assessment is used to classify the alerts based on their threat scores, which can limit the scale of the observation matrix of HMM and improve the accuracy of observation classification. To the latter, the genetic programming algorithm is used. A mechanism of quantitatively evaluating the fitness of situation assessment result is proposed. A set of risk description rules are defined and the matching degree between the result of situation assessment and rules is calculated, which determines the fitness of the result. The honey net alerts are used to construct risk description rule set. The comparative tests validated the effectiveness of the approach. Five characteristics of the network situation prediction problem are defined: 1) there is relationship of causality between the future attacks and the past attacks; 2) the possibility of different attack types to have following attacks are different; 3)the evidence of

future attacks can reflect important information of future attacks by itself; 4) the attack plan can be recognized based on the accumulation of evidence; 5)there is relationship between the evidence of future attacks and the trend of network situation. Based on the characteristics, an approach to situation prediction is proposed. First, the evidence of future attacks is extracted from IDS alerts according to the attack sequence patterns and the predictability of attack types. The predictability of attack types represents the possibility of the attacks to be the evidence of future attacks. The attack sequence patterns are generated by a data mining algorithm. Then the future security situation can be predicted based on the evidence. D-S evidence theory is used for plan recognition, and the HMM model between the evidence and the trend of security situation is constructed to predict the probability distribution of future security states. The experiment with DARPA data sets shows the effectiveness of the approach[5-11].

The problem of evaluating the computer network security with hesitant fuzzy information is the multiple attribute decision making (MADM) problems.The aim of this paper is to investigate the MADM problems for evaluating the computer network security with hesitant fuzzy information. Then, we utilize the hesitant fuzzy geometric Bonferroni mean (HFGBM) operator to aggregate the hesitant fuzzy information, then rank the alternatives and select the most desirable one(s) according to the score function. The remainder of this paper is set out as follows. In the next section, we introduce some basic concepts related to hesitant fuzzy sets. In Section 3 we introduce the MADM problem to evaluate the computer network security with hesitant fuzzy information, in which the information about attribute weights is correlative, and the attribute values take the form of hesitant fuzzy information. Then, we utilize the hesitant fuzzy geometric Bonferroni mean (HFGBM) operator to aggregate the hesitant fuzzy information, then rank the alternatives and select the most desirable one(s) according to the score function. In Section 4, an illustrative example is pointed out. In Section 5 we conclude the paper and give some remarks.

2. Preliminaries

Bonferroni [12] originally introduced a mean type aggregation operator, called Bonferroni mean, which can provide for aggregation lying between the max, min operators and the logical “or” and

“and” operators, which was defined as follows:

Definition 4[12]. Let

p q

,



0

and

a i

_i





1, 2,



,

n



be a collection of non-negative real numbers. Then the aggregation functions:









1 , 1 2 , 1

1

,

,

,

1

p q n p q p q n i j i j i j

BM

a a

a

a a

n n

  









 

_

_



_









(3)

are called the Bonferroni mean (BM) operator.

Zhu et al. [13] further introduced a mean type aggregation operator, called geometric Bonferroni

mean, which can provide for aggregation lying between the max, min operators and the logical “or” and “and” operators, which was defined as follows:

Definition 4[13]. Let

p q

,



0

and

a i

i





1, 2,



,

n



be a collection of non-negative real numbers.









  1 , ₁ 1 2 , 1

1

,

,

,

n p q _{n n} n i j i j i j

GBM

a a

a

pa

qa

p

q

  











(3)

is called the geometric Bonferroni mean (GBM) operator.

Recently, Torra [14] originally developed the hesitant fuzzy set which covers arguments with a set of possible values:

Definition 2[11]. Given a fixed set

X

, then a hesitant fuzzy set (HFS) on

X

is in terms of a function that when applied to

X

returns a sunset of

 

0,1

.

To be easily understood, Xu and Xia[15] express the HFS by mathematical symbol:

 



,

_E



E



x h

x

x



X

, (4) where

h

_E

 

x

is a set of some values in

 

0,1

, denoting the possible membership degree of the element

x



X

to the set

E

. For convenience, Xu and Xia[15,16] call

h



h

_E

 

x

a hesitant fuzzy element(HFE) and

H

the set of all HFEs.

In multi-criteria decision making, the performance of an alternative under a criterion may be represented by several possible values. To aggregate all the possible values of an alternative under the criteria, Zhu et al.[13] give an extension of the GBM, which is defined as follows:

Definition 8. Let

h



j



j



1, 2,



,

n



be a collection of HFEs, and let

p q

,



0

.If







 







  , 1 2 2 1 , 1

,

,

,

1

p q n n n n i j j i i j i j

HFGBM

h h

h

ph

qh

ph

qh

p

q

  













 

_











(8)

then

HFGBM

p q, is called the hesitant fuzzy geometric Bonferroni mean (HFGBM) operator. Based on the operations laws of the hesitant fuzzy values described, we can drive the Theorem 1[13].

Theorem 1. Let

h



_j



j



1, 2,



,

n



be a collection of HFEs, then their aggregated value by using the HFGBM operator is also a HFE, and







 







 

 

  , , 1 2 2 1 , 1 1 2 1 , 1

,

,

,

1

1

1

ij ij i j p q n n n n i j j i i j i j p q n n n ij i j i j

HFGBM

h h

h

ph

qh

ph

qh

p

q

  



       













_

_









_

_





_

 

_

_

_







_

_















 

_













(9)

where_ij_{ij i j,} 



ph



_i



qh



_j

 



ph



_j



qh



_i



can be considered as the “bonding satisfaction” factor used as a calculation unit, capturing the connection between

h

_iand

h ,

_j

i j

,



1, 2,



, ;

n i



j

,

then

,

p q

HFGBM

is called the hesitant fuzzy geometric Bonferroni mean (HFGBM) operator. It can be easily proved that the HFGBM operator has the following properties[13]. Theorem 2. (Idempotency) If all

h



j



j



1, 2,



,

n



are equal, i.e.

h



j



h



for all

j

, then





, 1

,

2

,

,

p q n

HFGBM

h h

 



h





h



(10)

Theorem 3. (Boundedness) Let

h



_j



j



1, 2,



,

n



be a collection of HFEs, and let

min

_j j

h







h



,

max

_j j

h







h



Then





, 1

,

2

,

,

p q n

h







HFGBM

h h

 



h





h



 (11)

Theorem 4. (Monotonicity) Let

h



_j



j



1, 2,



,

n



and

h





_j



j



1, 2,



,

n



be two set of HFEs, if

j j

h





h



, for all

j

, then









, , 1

,

2

,

,

1

,

2

,

,

p q p q n n

HFGBM

h h

 



h





HFGBM

h h

 

 



h





(12)

Theorem 5. (Commutativity) Let

h



_j



j



1, 2,



,

n



and

h





_j



j



1, 2,



,

n



be two set of HFEs, then









, , 1

,

2

,

,

1

,

2

,

,

p q p q n n

HFGBM

h h

 



h





HFGBM

h h

 

 



h





(18)

where

h





j



j



1, 2,



,

n



is any permutation of

h



j



j



1, 2,



,

n



.

3. An Approach to Evaluating the Computer Network Security with Hesitant

Fuzzy Information

The problem of evaluating the computer network security with hesitant fuzzy information is the multiple attribute decision making (MADM) problems. The following assumptions or notations are used to represent the MADM problems for evaluating the computer network security with hesitant fuzzy information. Let

A





A A

₁

,

₂

,



,

A

_m



be a discrete set of alternatives, and



1

,

2

,

,

n



G



G G



G

be the state of nature. If the decision makers provide several values for the alternative

A

_iunder the state of nature

G

_jwith anonymity, these values can be considered as a hesitant fuzzy element

h

_ij. In the case where two decision makers provide the same value, then the value emerges only once in

h

_ij. Suppose that the decision matrix

 

ij m n

H

h





is the hesitant fuzzy decision matrix, where

h

_ij



i



1, 2,



, ,

m j



1, 2,



,

n



are in the form of HFEs.

In the following, we apply the HFGBM operator to MADM for evaluating the computer network security with hesitant fuzzy information.

Step 1. Utilize the decision information given in matrix

R

, and the HFGBM operator (in general, we can take

p

 

q

1

)







 







 

 

  , , 1 2 2 1 , 1 1 2 1 , 1

,

,

,

1

1

1

ij ij i j p q i i i in n n n ki kj kj ki i j i j p q n n n ij i j i j

r

HFGBM

r r

r

pr

qr

pr

qr

p q

  



       















_

_









_

_





_

 

_

_

_







_

_

















 















,

k



1, 2,



,

m

. (11)

to derive the overall values

r i



_i





1, 2,



,

m



of the alternative

A

_i.

Step 2. Calculate the scores

S r i

 



i



1,2, ,



m



of the collective overall hesitant fuzzy preference

values

r i



_i





1, 2,



,

m



to rank all the alternatives

A i

_i





1, 2,



,

m



and then to select the best one(s).

Step 3. Rank all the alternatives

A i

_i





1, 2,



,

m



and select the best one(s) in accordance with

 

i

S r



i



1, 2,



,

m



. Step 4. End.

4. Numerical example

This section presents a numerical example to evaluate the computer network security with hesitant fuzzy information to illustrate the method proposed in this paper. There are five possible

computer network systems

A i

i





1, 2, 3, 4,5



for four attributes

G

j



j



1, 2, 3, 4



. The four

attributes include the tactics

 

G

₁ , technology and economy

 

G

₂ , logistics

 

G

₃ and strategy

 

G

4 , respectively. In order to avoid influence each other, the decision makers are required to evaluate the five possible computer network systems

A i

i





1,2,



,5



under the above four attributes

in anonymity and the decision matrix

 

4 4

ij

H

h





is presented in Table 1, where

h i

_ij





1, 2, 3, 4,

j



1, 2, 3, 4



are in the form of HFEs.

Table 1. Hesitant fuzzy decision matrix

G1 G2 G3 G4 A1 (0.4,0.3) (0.1,0.2,0.3) (0.5,0.6) (0.2,0.5) A2 (0.5,0.7) (0.5,0.7) (0.4,0.5) (0.7,0.8,0.9) A3 (0.8,0.9) (0.8,0.9) (0.3, 0.4,0.5) (0.3, 0.4,0.5) A4 (0.7,0.8) (0.4,0.5) (0.5, 0.7) (0.6, 0.7,0.8) A5 (0.4,0.7) (0.6,0.9) (0.3, 0.5) (0.5, 0.7)

Then, we utilize the approach developed to get the most desirable computer network systems.

Step 1. We utilize the decision information given in matrix

H

, and the HFGBM operator to obtain the overall preference values

h

_i of the alternatives

A i

_i





1, 2,3, 4



. Take computer network systems

1

A

for an example, we have







 

 

 









 







 

 

  , , 1 11 12 14 2 4 1 , 1 1 2 4 1 , 1

,

,

,

HFGBM

0.4, 0.3 , 0.1, 0.2, 0.3 , 0.5, 0.6 , 0.2, 0.5

1

1

1

ij ij i j p q n n ki kj kj ki i j i j p q n n ij i j i j

h

HFGBM

r r

r

pr

qr

pr

qr

p

q

  



       

















_

_

















_

 

_

_

_







_

_















 



















0.5125,0.5457,0.5845,0.6036,0.6245, 0.6276,0.6376,0.6498,0.6499,0.6543,0.6658,0.6787,

0.6915,0.7043,0.7124,0.7236,0.7345,0.7497,0.7567,0.7587,0.7598,0.7647,0.7897,0.7943



Step 2. Calculate the scores

s h

  

_i

i



1, 2, 3, 4, 5



of the overall hesitant fuzzy values



1, 2, 3, 4, 5



i

h i



:

 

 

 

 

 

1 2 3 4 5

0.7126,

0.6436,

0.8941

0.6342,

0.7674

s h

s h

s h

s h

s h











Step 3. Rank all the computer network systems

A i

_i





1, 2,3, 4



in accordance with the scores

  

_i

1, 2, 3, 4



s h

i



of the overall hesitant fuzzy values:

A

₃



A

₅



A

₁



A

₂



A

₄, and thus the most desirable computer network system is

A

₃.

5. Conclusion

The problem of evaluating the computer network security with hesitant fuzzy information is the multiple attribute decision making (MADM) problems. In this paper, we investigate the multiple attribute decision making (MADM) problems for evaluating the computer network security with hesitant fuzzy information. Then, we utilize the hesitant fuzzy geometric Bonferroni mean (HFGBM) operator to aggregate the hesitant fuzzy information, then rank the alternatives and select the most desirable one(s) according to the score function. Finally, an illustrative example demonstrates the practicality and effectiveness of the proposed method.

6. References

[1] Duolin Liu, "E-commerce System Security Assessment Based on Grey Relational Analysis Comprehensive Evaluation", JDCTA: International Journal of Digital Content Technology and its Applications, Vol. 5, No. 10, pp. 279-284, 2011.

[2] Yuan Jiang, Dongming Jiang, "The Security Assessment Method of Wireless Sensor Network with Interval Grey Linguistic Variables", JDCTA: International Journal of Digital Content Technology and its Applications, Vol. 5, No. 10, pp. 389-395, 2011

[3] Wang Jinbo, Liu Xuefeng, Deng Ming, "A Framework of Knowledge Management System for Support Decision Making on Web-enabled Environment", JCIT, Vol. 6, No. 7, pp. 133-139, 2011. [4] Kaihong Guo, Wenli Li, "A C-OWA Operator-based Method for Aggregating Intuitionistic Fuzzy

Information and Its Application to Decision Making under Uncertainty", JDCTA, Vol. 4, No. 7, pp. 140-147, 2010.

[5] Guiwu Wei, “GRA method for multiple attribute decision making with incomplete weight information in intuitionistic fuzzy setting”, Knowledge-Based Systems, Vol.23, No.3, pp.243-247, 2010.

[6] G. W. Wei, “Gray relational analysis method for intuitionistic fuzzy multiple attribute decision making,” Expert Systems with Applications, vol. 38, no. 9, pp. 11671-11677, Sep, 2011.

[7] Guiwu Wei, “Hesitant Fuzzy prioritized operators and their application to multiple attribute group decision making”, Knowledge-Based Systems, vol.31, pp. 176-182, 2012.

[8] D. K. Iakovidis, and E. Papageorgiou, “Intuitionistic Fuzzy Cognitive Maps for Medical Decision Making,” Ieee Transactions on Information Technology in Biomedicine, vol. 15, no. 1, pp. 100-107, Jan, 2011.

[9] D. F. Li, “A ratio ranking method of triangular intuitionistic fuzzy numbers and its application to MADM problems,” Computers & Mathematics with Applications, vol. 60, no. 6, pp. 1557-1570, Sep, 2010.

[10] H. W. Liu, and G. J. Wang, “Multi-criteria decision-making methods based on intuitionistic fuzzy sets,” European Journal of Operational Research, vol. 179, no. 1, pp. 220-233, May, 2007.

[11] J. H. Park, I. Y. Park, Y. C. Kwun et al., “Extension of the TOPSIS method for decision making problems under interval-valued intuitionistic fuzzy environment,” Applied Mathematical Modelling, vol. 35, no. 5, pp. 2544-2556, May, 2011.

[12] C. Bonferroni, “Sulle medie multiple di potenze”, Bolletino Matematica Italiana, vol.5, pp. 267-270, 1950.

[13] B.Zhu, Z. Xu, M. Xia, “Hesitant fuzzy geometric Bonferroni means”, Information Sciences, vol. 205, pp. 72-85, 2012.

[14] V. Torra, “Hesitant fuzzy sets”, International Journal of Intelligent Systems, vol.25.no.5, pp.529-539, 2010.

[15] M. Xia, Z. Xu, “Hesitant fuzzy information aggregation in decision making”, International Journal of Approximate Reasoning, vol. 52, no.3, pp. 395-407, 2011.

[16] Z. Xu, M. Xia, “Distance and similarity measures for hesitant fuzzy sets”, Information Sciences, vol. 181, pp. 2128–2138, 2011.