Remember Me
Or use your Academic/Social account:


Or use your Academic/Social account:


You have just completed your registration at OpenAire.

Before you can login to the site, you will need to activate your account. An e-mail will be sent to you with the proper instructions.


Please note that this site is currently undergoing Beta testing.
Any new content you create is not guaranteed to be present to the final version of the site upon release.

Thank you for your patience,
OpenAire Dev Team.

Close This Message


Verify Password:
Verify E-mail:
*All Fields Are Required.
Please Verify You Are Human:
fbtwitterlinkedinvimeoflicker grey 14rssslideshare1
Miller, Simon; Wagner, Christian; Aickelin, Uwe; Garibaldi, Jonathan M. (2016)
Publisher: Elsevier
Languages: English
Types: Article
Subjects: Computer Science - Artificial Intelligence, Computer Science - Cryptography and Security
An important role carried out by cyber-security experts is the assessment of proposed computer systems, during their design stage. This task is fraught with difficulties and uncertainty, making the knowledge provided by human experts essential for successful assessment. Today, the increasing number of progressively complex systems has led to an urgent need to produce tools that support the expert-led process of system-security assessment. In this research, we use Weighted Averages (WAs) and Ordered Weighted Averages (OWAs) with Evolutionary Algorithms (EAs) to create aggregation operators that model parts of the assessment process. We show how individual overall ratings for security components can be produced from ratings of their characteristics, and how these individual overall ratings can be aggregated to produce overall rankings of potential attacks on a system. As well as the identification of salient attacks and weak points in a prospective system, the proposed method also highlights which factors and security components contribute most to a component's difficulty and attack ranking respectively. A real world scenario is used in which experts were asked to rank a set of technical attacks, and to answer a series of questions about the security components that are the subject of the attacks. The work shows how finding good aggregation operators, and identifying important components and factors of a cyber-security problem can be automated. The resulting operators have the potential for use as decision aids for systems designers and cyber-security experts, increasing the amount of assessment that can be achieved with the limited resources available.
  • The results below are discovered through our pilot algorithms. Let us know how we are doing!

    • Anderson R, Barton C, Böhme R, Clayton R, van Eeten MJ, Levi M, et al. Measuring the cost of cyber-crime. In: Böhme R, editor. The economics of information security and privacy. Berlin Heidelberg: Springer; 2013. p. 265-300 ISBN 978-3-642-39497-3, doi:10.1007/978-3-642-39498-0_12.
    • Androutsopoulos I, Koutsias J, Chandrinos KV, Paliouras G, Spyropoulos CD. An evaluation of naive Bayesian anti-spam filtering. In: Potamias G, Moustakis V, van Someren M, editors. European conference on machine learning. Barcelona (Spain): 2000. p. 9-17.
    • Badea A, Rocco C, Tarantola S, Bolado R. Composite indicators for security of energy supply using ordered weighted averaging. Reliab Eng Syst Saf 2011;96(6):651-62.
    • Baskerville R. Information systems security design methods: implications for information systems development. ACM Comput Surv 1993;25(4):375-414.
    • Bass T. Intrusion detection systems and multisensor data fusion. Commun ACM 2000;43(4):99-105.
    • Canós L, Liern V. Soft computing-based aggregation methods for human resource management. Eur J Oper Res 2008;189(3):669- 81.
    • Clements DP. Fuzzy ratings for computer security evaluation [Ph.D. thesis]. Berkeley, CA: University of California, Berkeley; 1977.
    • Cruz B, Gupta D, Kapoor A, Haifei L, McLean D, Moreno F, et al., McAffee labs threats report, Tech. Rep., McAffee Labs, ; 2014 [accessed 04.07.16].
    • Detica and Office of Cyber Security and Information Assurance. The cost of cyber crime, Tech. Rep., Detica Limited, ; 2011.
    • Dhillon G, Backhouse J. Current directions in IS security research: towards socio-organizational perspectives. Inf Syst J 2001;11(2):127-53.
    • Dondo M. A fuzzy risk calculations approach for a network vulnerability ranking system, Defence R&D Canada Technical Memorandum, 2007.
    • Feyereisl J, Aickelin U. Privileged information for data clustering. Inf Sci (Ny) 2012;194:4-23.
    • Goldberg D. Genetic algorithms in search, optimization, and machine learning. Reading Menlo Park: Addison-Wesley; 1989.
    • Grabisch M, Murofushi T, Sugeno M. Fuzzy measures and integrals: theory and applications. Heidelberg: Physica-Verlag; 2000.
    • Holland J. Adaptation in natural and artificial systems: an introductory analysis with applications to biology, control, and artificial intelligence. Ann Arbor: University of Michigan; 1975.
    • Imamverdiev Y, Derakshande S. Fuzzy OWA model for information security risk management. Automat Control Comput Sci 2011;45(1):20-8.
    • Jansen W, Gallagher PD. Directions in security metrics research, NIST Technical Report, 2009.
    • Kim J, Bentley P, Aickelin U, Greensmith J, Tedesco G, Twycross J. Immune system approaches to intrusion detection - a review. Nat Comp 2007;4:413-66.
    • Lane TD. Machine learning techniques for the domain of anomaly detection for computer security [Ph.D. thesis]. Lafayette, IN: Perdue University, 1998.
    • Linkov I, Satterstrom F, Kiker G, Batchelor C, Bridges T, Ferguson E. From comparative risk assessment to multi-criteria decision analysis and adaptive management: recent developments and applications. Environ Int 2006;32(8):1072- 93.
    • McGill WL, Ayyub BM. Multicriteria security system performance assessment using fuzzy logic. J Def Model Simul 2007;4(4):356-76.
    • Merigó J, Gil-Lafuente A. New decision-making techniques and their application in the selection of financial products. Inf Sci (NY) 2010;180(11):2085-94.
    • Merigó J, Gil-Lafuente A. Decision-making in sport management based on the OWA operator. Expert Syst Appl 2011;38(8):10408-13.
    • Miller S, Garibaldi JM, Appleby S. Evolving OWA operators for cyber security decision making problems. 2013 IEEE Symp Comput Intell Cyber Secur 2013a;15-22. doi:10.1109/ CICYBS.2013.6597200.
    • Miller S, Appleby S, Garibaldi JM, Aickelin U. Towards a more systematic approach to secure systems design and analysis. Int J Secur Softw Eng 2013b;4(1):11-30.
    • Nettleton D, Torra V. A comparison of active set method and genetic algorithm approaches for learning weighting vectors in some aggregation operators. Int J Intell Syst 2001;16(9):1069-83.
    • Ngai EWT, Wat FKT. Fuzzy decision support system for risk analysis in e-commerce development. Decis Support Syst 2005;40(2):235-55.
    • Pearson K. Contributions to the mathematical theory of evolution. III. Regression, heredity, and panmixia. Proc R Soc Lond (Biol) 1895;59(353-358):69-71.
    • Sadiq R, Rodrguez M, Tesfamariam S. Integrating indicators for performance assessment of small water utilities using ordered weighted averaging (OWA) operators. Expert Syst Appl 2010;37(7):4881-91.
    • Shah S. Measuring operational risk using fuzzy logic modeling, International Risk Management Institute, Inc. (IRMI), ; 2003 [accessed 04.07.16].
    • Siraj A, Bridges SM, Vaughn RB. Fuzzy cognitive maps for decision support in an intelligent intrusion detection system. Joint 9th IFSA World Congress 20th NAFIPS Int Conf 2001;4:2165-70.
    • Spearman C. The proof and measurement of association between two things. Am J Psychol 1904;15(1):72-101.
    • Sun L, Srivastava RP, Mock TJ. An information systems security risk assessment model under the Dempster-Shafer theory of belief functions. J Manage Inform Syst 2006;22(4):109-42.
    • Tedesco G, Aickelin U. Real-time alert correlation with type graphs. In: Proceedings of the 4th International Conference on Information Systems Security (ICISS 2008). Berlin Heidelberg: Springer; 2008. p. 173-87.
    • Torra V. The WOWA operator: a review. In: Yager RR, Kacprzyk J, Beliakov G, editors. Recent developments in the ordered weighted averaging operators: theory and practice, vol. 265. Berlin Heidelberg: Springer; 2011. p. 17-28.
    • Tregear J. Risk assessment. Inform Secur Tech Rep 2001;6(3):19- 27. ISSN 1363-4127.
    • Tukey JW. The future of data analysis. Ann. Math. Stat. 1962;33(1):1-67.
    • Twycross J, Aickelin U. Information fusion in the immune system. Inform Fusion 2010;11(1):35-44.
    • Van de Walle B, Rutkowski A-F. A fuzzy decision support system for IT service continuity threat assessment. Decis Support Syst 2006;42(3):1931-43.
    • Yager R. On ordered weighted averaging aggregation operators in multicriteria decisionmaking. IEEE Trans Syst Man Cybern 1988;18(1):183-90.
  • No related research data.
  • No similar publications.

Share - Bookmark

Funded by projects

Cite this article