http://dx.doi.org/10.9708/jksci.2010.15.11.143

An integrated framework of security tool selection using fuzzy regression and physical programming  

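Nguyen, Hoai-Vu (FPT University, Vietnam, Department of Computer Fundamentals)
Kongsuwan, Pauline (Inje University, Department of Information and Communication Systems)
Shin, Sang-Mun (Inje University, Department of Systems Management Engineering)
Choi, Yong-Sun (Inje University, Department of Systems Management Engineering)
Kim, Sang-Kyun (Kangwon National University, Department of Industrial Engineering)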
Abstract
Faced with an increase in malicious threats from the Internet as well as from local area networks, many companies are considering deploying a security system. To help a decision maker select a suitable security tool, this paper proposes a three-step integrated framework using linear fuzzy regression (LFR) and physical programming (PP). First, based on the experts' estimations on security criteria, the analytic hierarchy process (AHP) and quality function deployment (QFD) are employed to specify an intermediate score for each criterion and the relationships among these criteria. Next, the evaluation value of each criterion is computed using LFR. Finally, a goal programming (GP) method is customized to obtain the most appropriate security tool for an organization, considering a tradeoff among the multiple objectives associated with quality, credibility and costs, and utilizing the relative weights calculated by the physical programming weights (PPW) algorithm. A numerical example illustrates the advantages and contributions of this approach. The proposed approach is anticipated to help a decision maker select a suitable security tool by taking advantage of experts' experience, with noise eliminated, as well as the accuracy of mathematical optimization methods.
Keywords
security tool selection; analytical hierarchy process; quality function deployment; linear fuzzy regression; physical programming; goal programming