An integrated framework of security tool selection using fuzzy regression and physical programming

Hoai-Vu Nguyen; Pauline Kongsuwan; SHIN SANGMUN (신상문); Yongsun Choi (최용선); 김상균

An integrated framework of security tool selection using fuzzy regression and physical programming

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2010, 15(11), pp.143-156
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science

Hoai-Vu Nguyen ¹, Pauline Kongsuwan ², SHIN SANGMUN ², Yongsun Choi ², 김상균 ³

¹FPT University
²인제대학교
³강원대학교

Accredited

ABSTRACT

Faced with an increase of malicious threats from the Internet as well as local area networks, many companies are considering deploying a security system. To help a decision maker select a suitable security tool, this paper proposed a three-step integrated framework using linear fuzzy regression (LFR) and physical programming (PP). First, based on the experts’ estimations on security criteria, analytic hierarchy process (AHP) and quality function deployment (QFD) are employed to specify an intermediate score for each criterion and the relationship among these criteria. Next, evaluation value of each criterion is computed by using LFR. Finally, a goal programming (GP) method is customized to obtain the most appropriate security tool for an organization, considering a tradeoff among the multi-objectives associated with quality, credibility and costs, utilizing the relative weights calculated by the physical programming weights (PPW) algorithm. A numerical example provided illustrates the advantages and contributions of this approach. Proposed approach is anticipated to help a decision maker select a suitable security tool by taking advantage of experts’ experience, with noises eliminated, as well as the accuracy of mathematical optimization methods.

KEYWORDS

security tool selection, analytical hierarchy process, quality function deployment, linear fuzzy regression, physical programming, goal programming.

Citation status

* References for papers published after 2023 are currently being built.

[journal] E. Eetugrul Karsak / 2009 / An Integrated Decision Making Approach for ERP System Selection, / Expert Systems with Applications 36(1) : 660~667

[journal] H.Y. Lin / 2007 / A Fuzzy-Based Decision-Making Procedure for Data Warehouse System Selection / Expert Systems with Applications 32(3) : 939~953

[journal] M.J. Schniederjans / 1991 / Using the Analytic Hierarchy Process and Goal Programming for Information System Project Selection / Information and Management 20(5) : 333~342

[confproc] M. Monheit / 1990 / Information Systems Architecture: a Consulting Methodology / Proceeding of the 1990 IEEE International Conference on Computer Systems and Software Engineering : 568~572

[journal] E.E. Anderson / 2008 / Enterprise Information Security Strategies / Computers &Security 27(1) : 22~29

[journal] M. Choi / 2008 / Optimizing Quality Levels and Development Costs for Developing an Integrated Information Security System / Information Security Applications / Springer 4867 : 359~370

[journal] S. Kim / 2007 / A Study on Decision Consolidation Methods Using Analytic Models for Security Systems / Computers & Security 26(2) : 145~153

[confproc] P. Kongsuwan / 2008 / Managing Quality Level for Developing Information Security System Adopting QFD, / Proceeding of 2008 Ninth ACIS International Conference on Software Engineering, Artificial Intelligence,Networking, and Parallel/Distributed Computing : 19~24

[journal] C.S. Leem / 2002 / Introduction to an Integrated Methodology for Development and Implementation of Enterprise Information Systems / Journal of Systems and Software 60(3) : 349~361

[journal] H.V.Nguyen / 2009 / An integrated approach to the optimal selection of security tools using analytic hierarchy process and goal programming / International Journal of Technology Management

[journal] T. Tsiakis / 2005 / The Economic Approach of Information Security / Computers & Security 24(2) : 105~108

[web] / ISO/IEC 15408-1:2005 / http:/ /www.iso.org/ iso/ catalogue_detail.htm?csnumber=40612.

[other] EC advisory group SOG-IS, / 1991 / Information Technology Security Evaluation Criteria (ITSEC) / Version 1.2, the Department of Trade and Industry

[other] Department of Defense Standard / 1985 / Department of Defense Trusted Computer System Evaluation Criteria / DoD 5200.28-STD,

[confproc] R.Hefner, / 1997 / System Security Engineering Capability Maturity Model / Proceeding of Conference on Software Process Improvement

[journal] M. Eloff / 2000 / Information Security Management, Hierarchical Framework for Various Approaches / Computers & Security 19(3) : 243~256

[book] W.T.Polk / 1992 / Guide to the Selection of Anti-Virus Tools & Techniques / ,Diane Books PublishingCompany

[book] R. Firth / 1998 / An Approach for Selecting and Specifying Tools for Information Survivability / Carnegie Mellon University

[web] / ISO/IEC 9126-1:2001 / http:/ /www.iso.org/ iso/ iso_catalogue/ catalogue_tc/catalogue_detail.htm?csnumber=22749

[journal] T.L. Saaty / 1977 / A Scaling Method for Priorities in Hierarchical Structures / Journal of Mathematical Psychology 15(3) : 234~281

[journal] S. Chakraborty / 2007 / QFD-Based Expert System for Non-Traditional Machining Processes Selection / Expert Systems with Applications 32(4) : 1208~1217

[journal] L. Chan / 2002 / Quality Function Deployment: a Literature Review / European Journal of Operational Research 143(3) : 463~497

[journal] H. Tanaka / 1982 / Linear Regression Analysis with Fuzzy Model / IEEE Transactions on Systems, Man, and Cybernetics, 12(6) : 903~907

[journal] H. Tanaka / 1988 / Possibilistic Linear Systems and Their Application to the Linear Regression Model / Fuzzy Sets and Systems 27(3) : 275~289

[journal] A. Messac / 1996 / Linear Physical Programming: a New Approach to Multiple Objective Optimization / Transactions on Operational Research 8(1) : 39~59

[journal] W. Chen / 2000 / Exploration of the Effectiveness of Physical Programming in Robust Design / ASME Journalof Mechanical Design 122(2) : 155~163

[confproc] E. Kongar / 2002 / Disassembly-to-Order System Using Linear Physical Programming / Proceeding of IEEE International Symposium in Electronics and the Environment : 312~317

[journal] E. Melachrinoudis / 2005 / Consolidating a Warehouse Network: a Physical Programming Approach / International Journal of Production Economics 97(1) : 1~17

[journal] M. Patel / 1089 / System Design through Subsystem Selection Using Physical Programming / AIAA Journal 41(6) : 1089~1096

[book] M.J.Schniederjans / 1984 / Linear Goal Programming / Petrocelli Books

This paper was written with support from the National Research Foundation of Korea.

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65