Software Security Risk Analysis Using Fuzzy Expert System Free Essays

| |Software Level of Security Risk Analysis Using Fuzzy | |Expert System | |[ARTIFICIAL INTELLIGENT] | UNIVERSITI TEKNIKAL MALAYSIA MELAKA FACULTY OF INFORMATION COMMUNICATION TECHNOLOGY SESSION 2 †2010/2011 |NURUL AZRIN BT AIRRUDIN †B031010343 | |SITI NURSHAFIEQA BT SUHAIMI †B031010313 | |NUR SHAHIDA BT MUHTAR †B031010266 | |LECTURE NAME: DR ABD. SAMAD HASSAN BASARI | |[12th APRIL 2011] | SOFTWARE LEVEL OF SECURITY RISK ANALYSIS USING FUZZY EXPERT SYSTEM ABSTRACT There is wide worry on the security of programming frameworks in light of the fact that numerous associations rely to a great extent upon them for their everyday tasks. Since we have not seen a product framework that is totally secure, there is have to examine and decide the security danger of developing programming frameworks. We will compose a custom paper test on Programming Security Risk Analysis Using Fuzzy Expert System or on the other hand any comparative subject just for you Request Now This work presents a method for examining programming security utilizing fluffy master framework. The contributions to the framework are reasonable fluffy sets speaking to semantic qualities for programming security objectives of privacy, respectability and accessibility. The master rules were built utilizing the Mamdani fluffy thinking so as to enough break down the data sources. The defuzzication strategy was finished utilizing Centroid method. The usage of the plan is finished utilizing MATLAB fluffy rationale instrument on account of its capacity to execute fluffy based frameworks. Utilizing recently create programming items from three programming advancement associations as experiments, the outcomes show a framework that can be utilized to adequately examine programming security chance. Investigation AND DESIGN The structure is fundamentally separated into four phases: 1) DESIGN OF THE LINGUISTIC VARIABLES The contributions to the framework are the qualities expected for the product security objective through secrecy, respectability and accessibility. The objectives are thought to be a similar weight and a specific esteemed is resolved for every one of them dependent on questions that are replied about the particular programming. Additionally the qualities decided for every one of the info are characterized as a fluffy number rather than fresh numbers by utilizing reasonable fluffy sets. Planning the fluffy framework necessitates that the various data sources (that is, privacy, respectability, and accessibility) are spoken to by fluffy sets. The fluffy sets are thus spoken to by a participation work. The enrollment work utilized in this paper is the triangular participation work which is a three point work characterized by least, most extreme and modular qualities where generally spoke to in 1. [pic] Figure 1: Triangular Membership Function 2) THE FUZZY SETS The degree of classification is characterized dependent on the sizes of not secret, somewhat private, secret and incredibly private. The degree of trustworthiness is likewise characterized dependent on the scales exceptionally low, low, high, extremely high, and additional high. Additionally, the degree of accessibility is likewise characterized by the scales extremely low, low, high, high and additional high. The levels characterized above depend on a range definition with an accepted interim of [0 - 10]. The reaches for the data sources are appeared in tables 1 and 2. Portrayal |RANGE | |Non-Confidential |0-1 | |Slightly Confidential |2-3 | |Confidential |4-6 | |Very Confidential |7-8 | |Extremely Confidential |9-10 | Table 1: Range of contributions for Confidentiality Very Low |Low |High |Very High |Extra High | |0 †1 |2 †3 |4 †6 |7 †8 |9 †10 | Table 2: Range of contributions for Integrity |Very Lo w |Low |High |Very High |Extra High | |0 †1 |2 †3 |4 †6 |7 †8 |9 †10 | Table 3: Range of contributions for Availability |DESCRIPTION |RANGE | |Not Secure |0 †3 | |Slightly Secure |4 †9 | |Secure |10 †18 | |Very Secure |19 †25 | |Extremely Secure |26 †30 | Table 4: Level Of Security Risk The fluffy sets above are spoken to by enrollment capacities. The relating participation capacities for secrecy, uprightness and accessibility are introduced in figures beneath [pic] Figure 1 : Membership capacities for Confidentiality Similarly, the yield, that is, the degree of security chance is likewise spoken to by fluffy sets and afterward an enrollment work. The degree of security chance is characterized dependent on the scales: not secure, somewhat secure, secure, secure, and very secure inside the scope of [0-30]. The range definition is appeared in table above. The participation work for the yield fluffy set is introduced in figure beneath. [pic] Figure 2 : Membership capacities for Integrity [pic] Figure 3 : Membership capacities for Availability [pic] Figure 4 : Level Of Security Risk 3) THE RULES OF THE FUZZY SYSTEM Once the info and yield fluffy sets and enrollment capacities are developed, the guidelines are then detailed. The principles are detailed dependent on the info parameters (classification, uprightness, and accessibility) and the yield I. e. level of security hazard. The degrees of secrecy, uprightness, and accessibility are utilized in the predecessor of rules and the degree of security chance as the resulting of rules. A fluffy principle is contingent proclamation in the structure: IF x is A THEN y is B. Where x and y are semantic factors; and An and B are phonetic qualities dictated by fluffy sets on universe of talks X and Y, individually. Both the precursor and resulting of a fluffy principle can have different parts. All pieces of the forerunner are determined all the while and settled in a solitary number and the predecessor influences all pieces of the ensuing similarly. A portion of the standards utilized in the plan of this fluffy Systems are: 1. In the event that (Confidentiality isn't Confidential) and (Integrity is Very Low) and (Availability is Very Low) at that point (Security Risk isn't Secure). 2. In the event that (Confidentiality isn't Confidential) and (Integrity is Very Low) and (Availability is Low) at that point (Security Risk is Slightly Secure). 3. On the off chance that (Confidentiality is Extremely Confidential) and (Integrity is Extra High) and (Availability is High) at that point (Security Risk is Slightly Secure). †¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦. 125. In the event that (Confidentiality isn't Confidential) and (Integrity is Very Low) and (Availability is high) at that point (Security Risk is Extremely Secure). The standards above were planned utilizing the Mamdani max-min fluffy thinking. Advancement AND IMPLEMENTATION The phonetic factors were resolved with the degree of the positive and negative reactions to a very much built security addresses that are introduced in type of on-line survey. As it was referenced before, MATLAB was utilized for the usage. The phonetic contributions to the framework are provided through the graphical UI called rule watcher. When the standard watcher has been opened, the information factors are provided in the content box inscribed contribution with every one of them isolated with a space. a) THE FIS EDITOR The fluffy derivation framework manager shows a synopsis of the fluffy surmising framework. It shows the mapping of the contributions to the framework type and to the yield. The names of the info factors and the handling strategies for the FIS can be changed through the FIS manager. Figure 5: The FIS proofreader b) THE MEMBERSHIP FUNCTION EDITOR This can be opened from the order window by utilizing the plotmf work however more effectively through the GUI. The participation work proofreader shows a plot of featured information or yield variable along their potential reaches and against the likelihood of event. The name and the scope of an enrollment worth can be changed, so likewise the scope of the specific variable itself through the participation work editorial manager. [pic] Figure 6: The Membership Function supervisor c) THE RULE EDITOR The standard editorial manager can be utilized to include, erase or change a standard. It is likewise used to change the association type and the heaviness of a standard. The standard manager for this application is appeared in figure 7. pic] Figure 7: Rule Editor d) THE RULE VIEWER The content box subtitled input is utilized to gracefully the three information factors required in the framework. The fitting information compares to the quantity of YES answer in the poll for every one of the info factors. For instance, in the figure 8, all the information factors are 5 and the relating yield is 13. 9 , which determined at the highest point of the comparing charts. The contribution for every one of the info factors is indicated at the highest point of the segment comparing to them, so additionally the yield variable. The standard watcher for this work is introduced in figure 8. [pic] Figure 8: The Rule supervisor e) THE SURFACE VIEWER The surface watcher appeared in figure 9 is a 3-D chart that shows the connection between the data sources and the yield. The yield (security Risk) is spoken to on the Z-hub while 2 of the data sources (Confidentiality and Integrity) are on the x and y tomahawks and the other info (Availability) is held consistent. The surface watcher shows a plot of the potential scopes of the information factors against the potential scopes of the yield. 4) EVALUATION The security hazard investigation framework was assessed utilizing three recently finished programming items from three diverse programming improvement associations. The yield decides the security level of programming viable. The outline of the assessment is given in figure 11. For item A, 5 is the score for privacy, 5 for the uprightness and 5 for the accessibility. |Software |Input |Output |Significance |Security Level | |Product A |5 5 |13. |45% marginally secure, 55% secure |46. 33 % | |Product B |8 7 8 |24. 2 |20% secure, 80% secure |80. 60 % | |Product C |10 10 |28. 4 |35% secure, 65% incredibly secure |94. 67 % | Table 5 : Evaluation of Different Input Variables [pic] Figure 9 : The Surface Viewer [pic] Figure 10 : Histogram 3D CONCLUSION AND FINDING Along these lines, this work proposes a fluffy rationale based strategy for assurance of level of security hazard related with programming frameworks. Fluffy rationale is one of the major to