
Evaluation of the Dynamic Cybersecurity Risk Using the Entropy Weight Method

Technology for Smart Futures

Abstract

Risk assessment of any network or security system carries a high level of uncertainty, because probability and statistics are usually used to evaluate the security of different cybersecurity systems. In this book chapter, we use Shannon entropy to represent the uncertainty of the information used to calculate system risk, together with the entropy weight method, since the weight of an object index is normally used and points to the significant components of the index. We evaluate the risk of security systems in terms of the different vulnerabilities and protections existing on each host. A new methodology was developed to present an attack graph with a dynamic cost metric based on a Dynamic Vulnerability Scoring System (DVSS), followed by a novel methodology to estimate and represent the cost-centric approach for each host’s states.

The framework is applied to a test network, using Shannon entropy together with the Nessus scanner to detect known vulnerabilities, to implement these results, and to build and represent the dynamic cost-centric attack graph. We used the results to represent possible risks as a matrix. At the next stage, the proposed risk matrix was normalised to calculate the entropy and the entropy weight. Finally, the weight and the path are used to evaluate and calculate the total risk in the system and to give the system administrator clear guidance on the vulnerable security entities. We aim to develop a novel approach that is suitable for the majority of cyber systems by introducing the term security entities.
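The matrix, normalisation, entropy and weight steps described above can be sketched with the textbook entropy weight method. This is an added example, not the chapter's own code: the host names, the three risk indices, the matrix values and the path aggregation (a plain sum of host scores) are all assumptions, since the chapter's exact formulas are not given on this page.

```python
import math

# Constructed sample data: rows are hosts, columns are three hypothetical
# risk indices (vulnerability cost, exposure, missing protections).
HOSTS = ["web", "app", "db"]
RISK_MATRIX = [
    [7.5, 3.0, 2.0],
    [5.0, 3.0, 6.0],
    [9.8, 3.0, 1.0],
]

def normalise(matrix):
    """Column-normalise so every index column sums to 1 (p_ij)."""
    sums = [sum(col) for col in zip(*matrix)]
    return [[x / s if s else 0.0 for x, s in zip(row, sums)] for row in matrix]

def entropy(p_matrix):
    """Shannon entropy of each column, scaled by 1/ln(m) into [0, 1]."""
    k = 1.0 / math.log(len(p_matrix))
    return [-k * sum(p * math.log(p) for p in col if p > 0)
            for col in zip(*p_matrix)]

def entropy_weights(entropies):
    """w_j = (1 - e_j) / sum_k (1 - e_k); a uniform index gets weight 0."""
    d = [max(0.0, 1.0 - e) for e in entropies]  # clamp float noise below 0
    total = sum(d)
    if total <= 1e-12:  # every index is uniform: fall back to equal weights
        return [1.0 / len(d)] * len(d)
    return [x / total for x in d]

def host_scores(matrix):
    """Weighted risk score per host, plus the index weights used."""
    p = normalise(matrix)
    w = entropy_weights(entropy(p))
    return [sum(wj * pij for wj, pij in zip(w, row)) for row in p], w

def path_risk(path, scores):
    """Assumed aggregation: sum of host scores along one attack path."""
    return sum(scores[HOSTS.index(h)] for h in path)

if __name__ == "__main__":
    scores, weights = host_scores(RISK_MATRIX)
    print("index weights:", [round(w, 4) for w in weights])
    for host, s in sorted(zip(HOSTS, scores), key=lambda t: -t[1]):
        print(f"{host}: {s:.4f}")
    print("path web -> app -> db:", round(path_risk(HOSTS, scores), 4))
```

The second index is identical on every host, so its entropy is maximal and it contributes nothing to the ranking; the index that varies most between hosts dominates the weights.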




Correspondence to T. Hamid.


Copyright information

© 2018 Springer International Publishing AG

About this chapter

Cite this chapter

Hamid, T., Al-Jumeily, D., Mustafina, J. (2018). Evaluation of the Dynamic Cybersecurity Risk Using the Entropy Weight Method. In: Dastbaz, M., Arabnia, H., Akhgar, B. (eds) Technology for Smart Futures. Springer, Cham. https://doi.org/10.1007/978-3-319-60137-3_13


  • DOI: https://doi.org/10.1007/978-3-319-60137-3_13


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-60136-6

  • Online ISBN: 978-3-319-60137-3

  • eBook Packages: Energy, Energy (R0)
