Software Security Risk Analysis Using Fuzzy Expert System

Software Level of Security Risk Analysis Using Fuzzy Expert System
[ARTIFICIAL INTELLIGENT]

UNIVERSITI TEKNIKAL MALAYSIA MELAKA
FACULTY OF INFORMATION & COMMUNICATION TECHNOLOGY
SESSION 2 - 2010/2011

NURUL AZRIN BT AIRRUDIN – B031010343
SITI NURSHAFIEQA BT SUHAIMI – B031010313
NUR SHAHIDA BT MUHTAR – B031010266

LECTURER NAME: DR ABD. SAMAD HASSAN BASARI

[12th APRIL 2011]

ABSTRACT

There is wide concern about the security of software systems because many organizations depend largely on them for their day-to-day operations. Since we have not seen a software system that is completely secure, there is a need to analyze and determine the security risk of emerging software systems. This work presents a technique for analyzing software security using a fuzzy expert system. The inputs to the system are suitable fuzzy sets representing linguistic values for the software security goals of confidentiality, integrity and availability. The expert rules were constructed using Mamdani fuzzy reasoning in order to adequately analyze the inputs. Defuzzification was performed using the centroid technique. The implementation of the design is performed using the MATLAB fuzzy logic tool because of its ability to implement fuzzy-based systems. Using newly developed software products from three software development organizations as test cases, the results show a system that can be used to effectively analyze software security risk.

ANALYSIS AND DESIGN

The design is basically divided into four stages:

1) DESIGN OF THE LINGUISTIC VARIABLES

The inputs to the system are the values assumed for the software security goals through confidentiality, integrity and availability.
The goals are assumed to have the same weight, and a particular value is determined for each of them based on questions that are answered about the specific software. Also, the values determined for each of the inputs are defined as fuzzy numbers instead of crisp numbers by using suitable fuzzy sets. Designing the fuzzy system requires that the different inputs (that is, confidentiality, integrity, and availability) are represented by fuzzy sets. The fuzzy sets are in turn represented by a membership function. The membership function used in this paper is the triangular membership function, which is a three-point function defined by minimum, maximum and modal values, usually represented as in Figure 1.

Figure 1: Triangular Membership Function

2) THE FUZZY SETS

The level of confidentiality is defined based on the scales of not confidential, slightly confidential, very confidential and extremely confidential. The level of integrity is also defined based on the scales very low, low, high, very high, and extra high. Also, the level of availability is defined by the scales very low, low, high, very high and extra high. The levels defined above are based on a range definition with an assumed interval of [0-10]. The ranges for the inputs are shown in Tables 1 and 2.
| DESCRIPTION | RANGE |
|---|---|
| Non-Confidential | 0-1 |
| Slightly Confidential | 2-3 |
| Confidential | 4-6 |
| Very Confidential | 7-8 |
| Extremely Confidential | 9-10 |

Table 1: Range of inputs for Confidentiality

| Very Low | Low | High | Very High | Extra High |
|---|---|---|---|---|
| 0 - 1 | 2 - 3 | 4 - 6 | 7 - 8 | 9 - 10 |

Table 2: Range of inputs for Integrity

| Very Low | Low | High | Very High | Extra High |
|---|---|---|---|---|
| 0 - 1 | 2 - 3 | 4 - 6 | 7 - 8 | 9 - 10 |

Table 3: Range of inputs for Availability

| DESCRIPTION | RANGE |
|---|---|
| Not Secure | 0 - 3 |
| Slightly Secure | 4 - 9 |
| Secure | 10 - 18 |
| Very Secure | 19 - 25 |
| Extremely Secure | 26 - 30 |

Table 4: Level of Security Risk

The fuzzy sets above are represented by membership functions. The corresponding membership functions for confidentiality, integrity and availability are presented in the figures below.

Figure 1: Membership functions for Confidentiality

Similarly, the output, that is, the level of security risk, is also represented by fuzzy sets and then a membership function. The level of security risk is defined based on the scales not secure, slightly secure, secure, very secure, and extremely secure, within the range [0-30]. The range definition is shown in the table above. The membership function for the output fuzzy set is presented in the figure below.

Figure 2: Membership functions for Integrity

Figure 3: Membership functions for Availability

Figure 4: Level of Security Risk

3) THE RULES OF THE FUZZY SYSTEM

Once the input and output fuzzy sets and membership functions are constructed, the rules are then formulated. The rules are formulated based on the input parameters (confidentiality, integrity, and availability) and the output, i.e. the level of security risk. The levels of confidentiality, integrity, and availability are used in the antecedent of the rules and the level of security risk as the consequent of the rules.
A fuzzy rule is a conditional statement of the form: IF x is A THEN y is B, where x and y are linguistic variables, and A and B are linguistic values determined by fuzzy sets on the universes of discourse X and Y, respectively. Both the antecedent and the consequent of a fuzzy rule can have multiple parts. All parts of the antecedent are calculated simultaneously and resolved into a single number, and the antecedent affects all parts of the consequent equally. Some of the rules used in the design of this fuzzy system are as follows:

1. If (Confidentiality is Not Confidential) and (Integrity is Very Low) and (Availability is Very Low) then (Security Risk is Not Secure).
2. If (Confidentiality is Not Confidential) and (Integrity is Very Low) and (Availability is Low) then (Security Risk is Slightly Secure).
3. If (Confidentiality is Extremely Confidential) and (Integrity is Extra High) and (Availability is High) then (Security Risk is Slightly Secure).
……….
125. If (Confidentiality is Not Confidential) and (Integrity is Very Low) and (Availability is High) then (Security Risk is Extremely Secure).

The rules above were formulated using Mamdani max-min fuzzy reasoning.

DEVELOPMENT AND IMPLEMENTATION

The linguistic variables were determined from the extent of the positive and negative responses to well-constructed security questions that are presented in the form of an online questionnaire. As mentioned earlier, MATLAB was used for the implementation. The linguistic inputs to the system are supplied through the graphical user interface called the rule viewer. Once the rule viewer has been opened, the input variables are supplied in the text box captioned input, with each of them separated by a space.

a) THE FIS EDITOR

The fuzzy inference system editor shows a summary of the fuzzy inference system.
It shows the mapping of the inputs to the system type and to the output. The names of the input variables and the processing methods for the FIS can be changed through the FIS editor.

Figure 5: The FIS editor

b) THE MEMBERSHIP FUNCTION EDITOR

This can be opened from the command window by using the plotmf function, but more easily through the GUI. The membership function editor shows a plot of the highlighted input or output variable along its possible ranges and against the probability of occurrence. The name and the range of a membership value can be changed, and so can the range of the particular variable itself, through the membership function editor.

Figure 6: The Membership Function editor

c) THE RULE EDITOR

The rule editor can be used to add, delete or change a rule. It is also used to change the connection type and the weight of a rule. The rule editor for this application is shown in Figure 7.

Figure 7: Rule Editor

d) THE RULE VIEWER

The text box captioned input is used to supply the three input variables needed in the system. The appropriate input corresponds to the number of YES answers in the questionnaire for each of the input variables. For instance, in Figure 8, all the input variables are 5 and the corresponding output is 13.9, which is specified at the top of the corresponding graphs. The input for each of the input variables is specified at the top of the section corresponding to it, as is the output variable. The rule viewer for this work is presented in Figure 8.

Figure 8: The Rule editor

e) THE SURFACE VIEWER

The surface viewer shown in Figure 9 is a 3-D graph that shows the relationship between the inputs and the output.
The output (security risk) is represented on the z-axis, while two of the inputs (Confidentiality and Integrity) are on the x and y axes and the other input (Availability) is held constant. The surface viewer shows a plot of the possible ranges of the input variables against the possible ranges of the output.

4) EVALUATION

The security risk analysis system was evaluated using three newly completed software products from three different software development organizations. The output determines the security level of the software under consideration. The summary of the evaluation is given in Figure 11. For product A, 5 is the score for confidentiality, 5 for integrity and 5 for availability.

| Software | Input | Output | Significance | Security Level |
|---|---|---|---|---|
| Product A | 5 5 5 | 13. | 45% slightly secure, 55% secure | 46.33 % |
| Product B | 8 7 8 | 24.2 | 20% secure, 80% very secure | 80.60 % |
| Product C | 10 10 10 | 28.4 | 35% very secure, 65% extremely secure | 94.67 % |

Table 5: Evaluation of Different Input Variables

Figure 9: The Surface Viewer

Figure 10: Histogram & 3D

CONCLUSION AND FINDING

Thus, this work proposes a fuzzy logic-based technique for determining the level of security risk associated with software systems. Fuzzy logic is one of the major tools used for security analysis. The major goals of secure software, which are used as the inputs to the system, are the preservation of confidentiality (preventing unauthorized disclosure of information), preservation of integrity (preventing unauthorized alteration of information) and preservation of availability (preventing unauthorized destruction or denial of access or use to an authorized user). It might be necessary to redesign this system in a way that it will be deployable and will work without the use of MATLAB. It might also be necessary to use an adaptive fuzzy logic technique for security risk analysis.
We have been able to design a system that can be used to evaluate the security risk associated with the production of secure software systems. This will definitely help software organizations meet up with the standard requirements. A technique for assessing the security of a software system before final deployment has been presented. The result of this study shows that if software-producing companies incorporate security risk analysis into the production of software systems, the issue of insecurity of software will be held to the minimum if not eliminated. This study has also revealed that if each of the software security goals can be increased to the maximum, then the level of security will also be increased and the associated risk will be eliminated. Finally, security risk analysis is a path towards producing secure software and should be considered a significant activity by software development organizations.
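
The pipeline described above (triangular membership functions, Mamdani max-min inference over 125 rules, centroid defuzzification) can be run without MATLAB, as in this added Python example, which is not the authors' FIS. Two things are assumptions: each triangle peaks at the midpoint of its table range with feet on the neighbouring peaks, and the rule base is a constructed one (`consequent`, which agrees with rules 1 and 2 listed above), because the paper prints only four of its 125 rules. Scores therefore differ from Table 5.

```python
import math
from itertools import product

LEVELS = ["Not Secure", "Slightly Secure", "Secure", "Very Secure", "Extremely Secure"]
IN_PEAKS = [0.5, 2.5, 5.0, 7.5, 9.5]      # midpoints of the input ranges (Tables 1-3)
OUT_PEAKS = [1.5, 6.5, 14.0, 22.0, 28.0]  # midpoints of the output ranges (Table 4)
OUT_UPPER = [4, 10, 19, 26]               # lower bounds of Table 4 classes 2..5

def triangles(peaks):
    """Assumed shape: each set peaks at its range midpoint, feet on neighbouring peaks."""
    left = [2 * peaks[0] - peaks[1]] + peaks[:-1]
    right = peaks[1:] + [2 * peaks[-1] - peaks[-2]]
    return list(zip(left, peaks, right))

def tri(x, a, m, b):
    """Triangular membership function (minimum a, modal m, maximum b)."""
    if x <= a or x >= b:
        return 0.0
    return (x - a) / (m - a) if x <= m else (b - x) / (b - m)

def consequent(c, i, a):
    """Constructed rule base: output level index grows with the sum of input levels."""
    return math.ceil((c + i + a) / 3)

def assess(conf, integ, avail, steps=3000):
    """Return (crisp score on [0, 30], Table 4 label) for three scores on [0, 10]."""
    ins = triangles(IN_PEAKS)
    mu = [[tri(x, *t) for t in ins] for x in (conf, integ, avail)]
    # Mamdani max-min: AND is min over the antecedent, rules sharing a consequent use max.
    strength = [0.0] * 5
    for c, i, a in product(range(5), repeat=3):      # all 125 rules
        k = consequent(c, i, a)
        strength[k] = max(strength[k], min(mu[0][c], mu[1][i], mu[2][a]))
    outs = triangles(OUT_PEAKS)
    num = den = 0.0
    for n in range(steps + 1):                       # centroid of the clipped union on [0, 30]
        y = 30.0 * n / steps
        m = max(min(s, tri(y, *t)) for s, t in zip(strength, outs))
        num += y * m
        den += m
    score = num / den
    return round(score, 2), LEVELS[sum(score >= u for u in OUT_UPPER)]

if __name__ == "__main__":
    for scores in [(5, 5, 5), (8, 7, 8), (10, 10, 10)]:   # inputs from Table 5
        print(scores, assess(*scores))
```

Replacing `consequent` with a lookup of the real 125 rules, and the triangle parameters with those from the membership function editor, is what would be needed to reproduce the published outputs.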