An integrated framework of security tool selection using fuzzy regression and physical programming

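  • 신상문 (Department of Systems Management Engineering, Inje University)
  • 최용선 (Department of Systems Management Engineering, Inje University)
  • 김상균 (Department of Industrial Engineering, Kangwon National University)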
  • Received : 2010.07.29
  • Accepted : 2010.08.11
  • Published : 2010.11.30

Abstract

Faced with an increase in malicious threats from the Internet as well as local area networks, many companies are considering deploying a security system. To help a decision maker select a suitable security tool, this paper proposes a three-step integrated framework using linear fuzzy regression (LFR) and physical programming (PP). First, based on the experts' estimations of security criteria, the analytic hierarchy process (AHP) and quality function deployment (QFD) are employed to specify an intermediate score for each criterion and the relationships among these criteria. Next, the evaluation value of each criterion is computed using LFR. Finally, a goal programming (GP) method is customized to obtain the most appropriate security tool for an organization, considering a tradeoff among the multiple objectives associated with quality, credibility and costs, and utilizing the relative weights calculated by the physical programming weights (PPW) algorithm. A numerical example illustrates the advantages and contributions of this approach. The proposed approach is anticipated to help a decision maker select a suitable security tool by taking advantage of experts' experience, with noise eliminated, as well as the accuracy of mathematical optimization methods.

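To cope with the growing information security threats entering from local area networks and the Internet, many companies are considering building information security systems. To support a corporate decision maker's choice of security tool, this paper proposes an integrated framework of three steps that uses linear fuzzy regression and physical programming. First, based on experts' relative-assessment opinions on the selection and evaluation criteria for security tools, the analytic hierarchy process and quality function deployment methods are applied to quantify the relationships among the security criteria. Then, the evaluation value for each criterion is computed using linear fuzzy regression. Finally, to effectively consider multiple objective functions such as the quality of the security system, the level of security, and cost, the most appropriate security tool is selected using goal programming based on the weights derived through the physical programming weights algorithm. This process is explained step by step through a concrete example, and its advantages are shown visibly. By effectively removing the noise that can arise in expert-provided information, the method proposed in this study is expected to give the decision maker both the advantage of securing standard security criteria through experts' experience and the advantage of accuracy through mathematical optimization methods.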
