Software Security Risk Analysis Using Fuzzy Expert System Free Essays

| |Software Level of Security Risk Analysis Using Fuzzy | |Expert System | |[ARTIFICIAL INTELLIGENT] | UNIVERSITI TEKNIKAL MALAYSIA MELAKA FACULTY OF INFORMATION COMMUNICATION TECHNOLOGY SESSION 2 †2010/2011 |NURUL AZRIN BT AIRRUDIN †B031010343 | |SITI NURSHAFIEQA BT SUHAIMI †B031010313 | |NUR SHAHIDA BT MUHTAR †B031010266 | |LECTURE NAME: DR ABD. SAMAD HASSAN BASARI | |[12th APRIL 2011] | SOFTWARE LEVEL OF SECURITY RISK ANALYSIS USING FUZZY EXPERT SYSTEM ABSTRACT There is wide worry on the security of programming frameworks in light of the fact that numerous associations rely to a great extent upon them for their everyday tasks. Since we have not seen a product framework that is totally secure, there is have to break down and decide the security danger of rising programming frameworks. We will compose a custom paper test on Programming Security Risk Analysis Using Fuzzy Expert System or on the other hand any comparative subject just for you Request Now This work presents a strategy for breaking down programming security utilizing fluffy master framework. The contributions to the framework are reasonable fluffy sets speaking to semantic qualities for programming security objectives of privacy, respectability and accessibility. The master rules were developed utilizing the Mamdani fluffy thinking so as to enough break down the data sources. The defuzzication method was finished utilizing Centroid strategy. The usage of the plan is finished utilizing MATLAB fluffy rationale device in view of its capacity to execute fluffy based frameworks. Utilizing recently create programming items from three programming improvement associations as experiments, the outcomes show a framework that can be utilized to viably break down programming security chance. Investigation AND DESIGN The plan is fundamentally isolated into four phases: 1) DESIGN OF THE LINGUISTIC VARIABLES The contributions to the framework are the qualities accepted for the product security objective through classification, respectability and accessibility. The objectives are thought to be a similar weight and a specific esteemed is resolved for every one of them dependent on questions that are replied about the particular programming. Likewise the qualities decided for every one of the information are characterized as a fluffy number rather than fresh numbers by utilizing appropriate fluffy sets. Structuring the fluffy framework necessitates that the various sources of info (that is, classification, honesty, and accessibility) are spoken to by fluffy sets. The fluffy sets are thusly spoken to by an enrollment work. The participation work utilized in this paper is the triangular enrollment work which is a three point work characterized by least, greatest and modular qualities where normally spoke to in 1. [pic] Figure 1: Triangular Membership Function 2) THE FUZZY SETS The degree of privacy is characterized dependent on the sizes of not classified, somewhat private, exceptionally secret and very classified. The degree of trustworthiness is likewise characterized dependent on the scales extremely low, low, high, exceptionally high, and additional high. Likewise, the degree of accessibility is additionally characterized by the scales low, low, high, high and additional high. The levels characterized above depend on a range definition with an expected interim of [0 - 10]. The reaches for the information sources are appeared in tables 1 and 2. Depiction |RANGE | |Non-Confidential |0-1 | |Slightly Confidential |2-3 | |Confidential |4-6 | |Very Confidential |7-8 | |Extremely Confidential |9-10 | Table 1: Range of contributions for Confidentiality Very Low |Low |High |Very High |Extra High | |0 †1 |2 †3 |4 †6 |7 †8 |9 †10 | Table 2: Range of contributions for Integrity |Ve ry Low |Low |High |Very High |Extra High | |0 †1 |2 †3 |4 †6 |7 †8 |9 †10 | Table 3: Range of contributions for Availability |DESCRIPTION |RANGE | |Not Secure |0 †3 | |Slightly Secure |4 †9 | |Secure |10 †18 | |Very Secure |19 †25 | |Extremely Secure |26 †30 | Table 4: Level Of Security Risk The fluffy sets above are spoken to by participation capacities. The comparing participation capacities for secrecy, uprightness and accessibility are introduced in figures beneath [pic] Figure 1 : Membership capacities for Confidentiality Similarly, the yield, that is, the degree of security chance is likewise spoken to by fluffy sets and afterward an enrollment work. The degree of security chance is characterized dependent on the scales: not secure, marginally secure, secure, exceptionally secure, and amazingly secure inside the scope of [0-30]. The range definition is appeared in table above. The enrollment work for the yield fluffy set is introduced in figure beneath. [pic] Figure 2 : Membership capacities for Integrity [pic] Figure 3 : Membership capacities for Availability [pic] Figure 4 : Level Of Security Risk 3) THE RULES OF THE FUZZY SYSTEM Once the information and yield fluffy sets and participation capacities are developed, the standards are then planned. The standards are detailed dependent on the info parameters (privacy, honesty, and accessibility) and the yield I. e. level of security chance. The degrees of secrecy, trustworthiness, and accessibility are utilized in the forerunner of rules and the degree of security chance as the ensuing of rules. A fluffy principle is contingent proclamation in the structure: IF x is A THEN y is B. Where x and y are phonetic factors; and An and B are etymological qualities dictated by fluffy sets on universe of talks X and Y, individually. Both the precursor and resulting of a fluffy standard can have different parts. All pieces of the precursor are determined at the same time and settled in a solitary number and the forerunner influences all pieces of the resulting similarly. A portion of the standards utilized in the structure of this fluffy Systems are: 1. On the off chance that (Confidentiality isn't Confidential) and (Integrity is Very Low) and (Availability is Very Low) at that point (Security Risk isn't Secure). 2. On the off chance that (Confidentiality isn't Confidential) and (Integrity is Very Low) and (Availability is Low) at that point (Security Risk is Slightly Secure). 3. In the event that (Confidentiality is Extremely Confidential) and (Integrity is Extra High) and (Availability is High) at that point (Security Risk is Slightly Secure). †¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦. 125. In the event that (Confidentiality isn't Confidential) and (Integrity is Very Low) and (Availability is high) at that point (Security Risk is Extremely Secure). The guidelines above were defined utilizing the Mamdani max-min fluffy thinking. Advancement AND IMPLEMENTATION The phonetic factors were resolved with the degree of the positive and negative reactions to an all around developed security addresses that are introduced in type of on-line survey. As it was referenced before, MATLAB was utilized for the execution. The semantic contributions to the framework are provided through the graphical UI called rule watcher. When the standard watcher has been opened, the information factors are provided in the content box subtitled contribution with every one of them isolated with a space. a) THE FIS EDITOR The fluffy derivation framework editorial manager shows a synopsis of the fluffy surmising framework. It shows the mapping of the contributions to the framework type and to the yield. The names of the info factors and the preparing strategies for the FIS can be changed through the FIS editorial manager. Figure 5: The FIS manager b) THE MEMBERSHIP FUNCTION EDITOR This can be opened from the order window by utilizing the plotmf work yet more effectively through the GUI. The participation work editorial manager shows a plot of featured information or yield variable along their potential extents and against the likelihood of event. The name and the scope of a participation worth can be changed, so likewise the scope of the specific variable itself through the enrollment work supervisor. [pic] Figure 6: The Membership Function manager c) THE RULE EDITOR The standard editorial manager can be utilized to include, erase or change a standard. It is additionally used to change the association type and the heaviness of a standard. The standard manager for this application is appeared in figure 7. pic] Figure 7: Rule Editor d) THE RULE VIEWER The content box subtitled input is utilized to flexibly the three information factors required in the framework. The proper info relates to the quantity of YES answer in the survey for every one of the information factors. For instance, in the figure 8, all the info factors are 5 and the relating yield is 13. 9, which in dicated at the highest point of the relating charts. The contribution for every one of the information factors is determined at the highest point of the area comparing to them, so likewise the yield variable. The standard watcher for this work is introduced in figure 8. [pic] Figure 8: The Rule manager e) THE SURFACE VIEWER The surface watcher appeared in figure 9 is a 3-D diagram that shows the connection between the data sources and the yield. The yield (security Risk) is spoken to on the Z-pivot while 2 of the data sources (Confidentiality and Integrity) are on the x and y tomahawks and the other information (Availability) is held steady. The surface watcher shows a plot of the potential scopes of the information factors against the potential scopes of the yield. 4) EVALUATION The security hazard examination framework was assessed utilizing three recently finished programming items from three distinctive programming improvement associations. The yield decides the security level of programming viable. The synopsis of the assessment is given in figure 11. For item A, 5 is the score for classification, 5 for the trustworthiness and 5 for the accessibility. |Software |Input |Output |Significance |Security Level | |Product A |5 5 |13. |45% somewhat secure, 55% secure |46. 33 % | |Product B |8 7 8 |24. 2 |20% secure, 80% secure |80. 60 % | |Product C |10 10 |28. 4 |35% secure, 65% very secure |94. 67 % | Table 5 : Evaluation of Different Input Variables [pic] Figure 9 : The Surface Viewer [pic] Figure 10 : Histogram 3D CONCLUSION AND FINDING Along these lines, this work proposes a fluffy rationale based procedure for assurance of level of security hazard related with programming frameworks. Fluffy rationale is one of the major to