A quantitative risk assessment model involving frequency and threat degree under line-of-business services for infrastructure of emerging sensor networks

Jing, Xu; Hu, Hanwen; Yang, Huijun; Au, Man; Li, Shuqin; Xiong, Naixue; Imran, Muhammad; Vasilakos, Athanasios

Title: A quantitative risk assessment model involving frequency and threat degree under line-of-business services for infrastructure of emerging sensor networks
Creator: Jing, Xu; Hu, Hanwen; Yang, Huijun; Au, Man; Li, Shuqin; Xiong, Naixue; Imran, Muhammad; Vasilakos, Athanasios
Date: 2017
Type: Text; Journal article
Identifier: http://researchonline.federation.edu.au/vital/access/HandleResolver/1959.17/186129
Identifier: vital:16816
Identifier: https://doi.org/10.3390/s17030642
Identifier: ISBN:1424-8220 (ISSN)
Abstract: The prospect of Line-of-Business Services (LoBSs) for infrastructure of Emerging Sensor Networks (ESNs) is exciting. Access control remains a top challenge in this scenario as the service provider’s server contains a lot of valuable resources. LoBSs’ users are very diverse as they may come from a wide range of locations with vastly different characteristics. Cost of joining could be low and in many cases, intruders are eligible users conducting malicious actions. As a result, user access should be adjusted dynamically. Assessing LoBSs’ risk dynamically based on both frequency and threat degree of malicious operations is therefore necessary. In this paper, we proposed a Quantitative Risk Assessment Model (QRAM) involving frequency and threat degree based on value at risk. To quantify the threat degree as an elementary intrusion effort, we amend the influence coefficient of risk indexes in the network security situation assessment model. To quantify threat frequency as intrusion trace effort, we make use of multiple behavior information fusion. Under the influence of intrusion trace, we adapt the historical simulation method of value at risk to dynamically access LoBSs’ risk. Simulation based on existing data is used to select appropriate parameters for QRAM. Our simulation results show that the duration influence on elementary intrusion effort is reasonable when the normalized parameter is 1000. Likewise, the time window of intrusion trace and the weight between objective risk and subjective risk can be set to 10 s and 0.5, respectively. While our focus is to develop QRAM for assessing the risk of LoBSs for infrastructure of ESNs dynamically involving frequency and threat degree, we believe it is also appropriate for other scenarios in cloud computing. © 2017 by the authors. Licensee MDPI, Basel, Switzerland.
Publisher: MDPI AG
Relation: Sensors (Switzerland) Vol. 17, no. 3 (2017), p.
Rights: All metadata describing materials held in, or linked to, the repository is freely available under a CC0 licence
Rights: https://creativecommons.org/licenses/by/4.0/
Rights: Open Access
Subject: 4008 Electrical engineering; 4009 Electronics, sensors and digital hardware; 4606 Distributed computing and systems software; Access control; Cloud computing; Intrusion Effort; Line-of-business services; Risk assessment
Full Text
Reviewed
Funder: This work was supported by NSFC National Natural Science Foundation of China (61602396), and Chinese Universities Scientific Fund (2452015195, 2452015199, 2014YB067), and Scientific Research Foundation for PH.D from Northwest Agriculture & Forest University of China (2014BSJJ060), and the authors extend their appreciation to the International Scientific Partnership Program ISPP at King Saud University for funding this research work through ISPP# 0033.

Hits: 929
Visitors: 754
Downloads: 60

		Thumbnail	File	Description	Size	Format
View Details Download			SOURCE1	Published version	3 MB	Adobe Acrobat PDF	View Details Download