Vol.65, No.1, 2020, pp.683-704, doi:10.32604/cmc.2020.010793
OPEN ACCESS
ARTICLE
Comprehensive Information Security Evaluation Model Based on Multi-Level Decomposition Feedback for IoT
  • Jinxin Zuo1, 3, Yueming Lu1, 3, *, Hui Gao2, 3, Ruohan Cao2, 3, Ziyv Guo2, 3, Jim Feng4
1 School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing, 100876, China.
2 School of Information and Communication Engineering, Beijing University of Posts and Telecommunications, Beijing, 100876, China.
3 Key Laboratory of Trustworthy Distributed Computing and Service (BUPT), Ministry of Education, Beijing, 100876, China.
4 Amphenol Global Interconnect Systems, San Jose, CA 95131, USA.
* Corresponding Author: Yueming Lu. Email: ymlu@bupt.edu.cn.
Received 30 March 2020; Accepted 29 May 2020; Issue published 23 July 2020
Abstract
The development of the Internet of Things (IoT) calls for a comprehensive information security evaluation framework to quantitatively measure the safety score and risk (S&R) value of the network urgently. In this paper, we summarize the architecture and vulnerability in IoT and propose a comprehensive information security evaluation model based on multi-level decomposition feedback. The evaluation model provides an idea for information security evaluation of IoT and guides the security decision maker for dynamic protection. Firstly, we establish an overall evaluation indicator system that includes four primary indicators of threat information, asset, vulnerability, and management, respectively. It also includes eleven secondary indicators of system protection rate, attack detection rate, confidentiality, availability, controllability, identifiability, number of vulnerabilities, vulnerability hazard level, staff organization, enterprise grading and service continuity, respectively. Then, we build the core algorithm to enable the evaluation model, wherein a novel weighting technique is developed and a quantitative method is proposed to measure the S&R value. Moreover, in order to better supervise the performance of the proposed evaluation model, we present four novel indicators includes residual risk, continuous conformity of residual risk, head-to-tail consistency and decrease ratio, respectively. Simulation results show the advantages of the proposed model in the evaluation of information security for IoT.
Keywords
IoT, information security quantitative evaluation, safety score, residual risk.
Cite This Article
Zuo, J., Lu, Y., Gao, H., Cao, R., Guo, Z. et al. (2020). Comprehensive Information Security Evaluation Model Based on Multi-Level Decomposition Feedback for IoT. CMC-Computers, Materials & Continua, 65(1), 683–704.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.