Decision Making Approaches for Security Vulnerability Management
Date Issued
2014
Date
2014
Author(s)
Huang, Chien-Cheng
Abstract
The aim of this study is to formulate an analysis model that can express security vulnerability grades and serve as a basis for evaluating the danger level of information systems or for filtering hazardous system vulnerabilities, and to refine it to counter various security threats. Using a fuzzy analytic hierarchy process, this paper organizes the interacting factors behind system blind spots and builds an evaluation framework. First, via the fuzzy Delphi method, the aspects and relative determinants affecting security are screened. It then identifies the value equation of each factor and settles the fuzzy synthetic vulnerability decision-making model. This model can analyze the various degrees to which vulnerabilities affect system security, and this information serves as a basis for future improvements of the system itself. This study also proposes an improvement over the traditional fuzzy synthetic decision-making model for measuring the fuzziness between the enhancement and independence of the various aspects and criteria. Furthermore, taking human subjectivity into consideration, this paper constructs a fuzzy integral decision-making model. The case study demonstrates that the evaluation model in question is practical and can be applied to new vulnerabilities to measure their degree of penetration. In addition, the fuzzy integral decision-making model emphasizes the multiply-add effect between the various factors influencing information security. On the other hand, based on the weights and security levels obtained above, and given limited defense resources, this research proposes defense resource allocation strategies for security vulnerability management in order to maximize security utility and improve defense capability. As the problem is a mathematical optimization problem of nonlinear programming, this study finds near-optimal defense resource allocations for analysis and discussion through the problem-solving process.
Subjects
Information security vulnerabilities
Information security assessment
Fuzzy analytic hierarchy process
Fuzzy synthetic decision-making
Fuzzy integral decision-making
Defense resource allocation
Type
thesis
File(s)
Name
ntu-103-D97725002-1.pdf
Size
23.32 KB
Format
Adobe PDF
Checksum (MD5)
f97aec5b3b20d3fd2a4906297165c2f5
